Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Privacy Advocates Bemoan the Problems With WHOIS

Zonk posted more than 6 years ago | from the please-don't-call-me dept.

Privacy 174

An anonymous reader writes "The Globe and Mail is reporting that net privacy advocates are spurring ICANN into scrapping WHOIS. The advocates complain that the system doesn't do enough to protect domain owner information from spammers and fraudsters, and compare the problems to those being experienced on a broader scale by email users. 'WHOIS, much like e-mail, is an age-old Internet relic that comes from a time when the Internet was almost considered a network of trustworthy users. E-mail has, quite clearly, some massive problems coping in the modern age, but it's still here. It stands to reason, then, that WHOIS won't be going anywhere any time soon. Just like e-mail, it's prone to abuse. But again, just like e-mail, it's too useful to axe.'"

cancel ×

174 comments

Whois is useful? (5, Insightful)

morgan_greywolf (835522) | more than 6 years ago | (#21171401)

For what? These days, everybody is registering private domains through people like DomainsByProxy. Whois is becoming more and more useless. Might as well chuck it.

Re:Whois is useful? (3, Insightful)

mwvdlee (775178) | more than 6 years ago | (#21171475)

And what kind of method is DomainsByProxy using to check domain name availability?

A better whois could do the same thing (1)

Foktip (736679) | more than 6 years ago | (#21171835)

Whatever, they can make a new "WHOIS" that doesnt give out your address, phone number, email address, and basically all your private contact information - on the internet. Before someone can get whois information, they should be questioned to make sure they have a legitimate claim - and then the questioner should forward that complaint/information to the site owner, and allow the site owner to decide whether to divulge their information to that person or not. Basically, its what a lot of domain services already do, only that should be the DEFAULT for WHOIS - not an extra, expensive option.

Re:A better whois could do the same thing (1)

Metaphorically (841874) | more than 6 years ago | (#21172207)

I think giving out the owner name to anyone that asks is very important. Other than that I agree - the contact info should be private.

Sites are already supposed to monitor a handful of well-known email addresses like abuse@ and whatever else. That should be enough.

Re:A better whois could do the same thing (0)

Anonymous Coward | more than 6 years ago | (#21172987)

You mean, like sending the site owner an email? Yea, that should work nicely.

Re:Whois is useful? (0)

Anonymous Coward | more than 6 years ago | (#21171521)

I agree. Why not just make the database private? Why does everyone need to know who a domain belongs to?

All of my whois data is "anonymous". My registrar kicks it in for free, now mind you I also pay $15 a year vs the $9 or whatever the cheaper places charge. But hey, they have good service and free hidden whois! ;)

Re:Whois is useful? (1)

emj (15659) | more than 6 years ago | (#21171739)

Regging domains anonymously is free at Dreamhost.

Re:Whois is useful? (1)

emj (15659) | more than 6 years ago | (#21171803)

Eeeh, bit too fast posting there, *if* you pay hosting fees.. ;-)

Re:Whois is useful? (1)

Metaphorically (841874) | more than 6 years ago | (#21172123)

So just as free as 1and1 and a bunch of other providers then.

Re:Whois is useful? (1)

smitty_one_each (243267) | more than 6 years ago | (#21171819)

Why not just make the database private?
Oh, so people can set up a business based on information control?
Look, three credit reporting agencies (in the US), with a several hundred dollar/multiple hour investment required just to correct their non-command of database management, is a notable example of why this idea draws vacuum.

Re:Whois is useful? (0)

Anonymous Coward | more than 6 years ago | (#21171587)

Beyond private registration, Whois data is basically on the honor system. Bad people will simply enter bogus information, and so only those who try to be honest with the system get screwed by spammers, identity thieves, etc.

I'm hard-pressed to imagine a legitimate need to publish these things. Obviously registrars should maintain records of who paid for a given domain registration, and should forward that information to other parties when required (especially when there is evidence of nefarious actions), but otherwise the whole system strikes me as ridiculous.

What legitimate business hides their identity? (0, Troll)

www.sorehands.com (142825) | more than 6 years ago | (#21171843)

If you do business, people have a right to know who they are doing business with!

Two things, lets say Microsoft has a pro-windows or anti-Linux blog talking about how their company found that many Linux distros contain trojans. Now lets say these blogs are done with anonymous registration?

Is this kosher?

Re:What legitimate business hides their identity? (0)

Anonymous Coward | more than 6 years ago | (#21171955)

Define "do business". Plenty of domains out there that "do business" with AdSense or don't "do business" at all.

Re:What legitimate business hides their identity? (2, Interesting)

kebes (861706) | more than 6 years ago | (#21172005)

lets say Microsoft has a pro-windows or anti-Linux blog talking about how their company found that many Linux distros contain trojans. Now lets say these blogs are done with anonymous registration? Is this kosher?
If by 'anonymous' you mean 'not publicly visible, but recorded somewhere' then yes, that's fine. Anyone can use the internet to say what they want. If what they publish on their site becomes a problem (spam, slander, etc.), then obviously there should be a procedure for finding out who owns the domain so that you can contact them with your concerns.

But there's no need for the "default public" policy that WHOIS historically operated on. Moreover, if someone like Microsoft wanted an anti-Linux site, it would be trivial for them to outsource its operation to some other company. The current WHOIS actually doesn't provides a robust mechanism for determining who runs and operates a domain name.

The problem is that WHOIS currently is a very weak system. The data it contains isn't accurate, isn't verified, and what few legitimate uses there are for the system could just as easily be accommodated in an "default private" system where requests for additional information about a domain require a little bit of processing (and notification to the domain owner about who is performing a formal lookup on them, and the stated reason for doing so).

Re:What legitimate business hides their identity? (2, Informative)

Metaphorically (841874) | more than 6 years ago | (#21172425)

But there's no need for the "default public" policy that WHOIS historically operated on. Moreover, if someone like Microsoft wanted an anti-Linux site, it would be trivial for them to outsource its operation to some other company. The current WHOIS actually doesn't provides a robust mechanism for determining who runs and operates a domain name.
You've got a good point that it's trivial to dodge the name requirement in Whois now. I think that should be a reason to fix it though, not drop it. Pro-MS/Anti-Linux or whatever is one example where astroturfing means big dollars but there are worse ones like political blogs and medical stuff.

The ability to outsource slander is a problem and not just with Whois. Look at political ads - they carry a tagline that's supposed to say who produced it but they can make up a name like "Save the Children Foundation" as a front for whichever political party they want. Tracking down who says what for whom is hard enough in that arena but outside of politics (in tech, drug, clothing, car or whatever industries) is next to impossible.

We need to be able to see who's saying what more easily, not just when there's a problem.

I definitely agree about contact information though. My whois is private to stop the junk mail and junk email, not to hide my name. Seeing who wrote something or supported the writing of something should be easy for people who want to know. Sending them an advert for your registrar doesn't need to be. Of course if Whois cost money to view, which of those interests do you think would be the ones paying to read?

Re:Whois is useful? (1)

JCSoRocks (1142053) | more than 6 years ago | (#21172127)

I agree, I remember when WHOIS was actually useful... Now it's just an easy way for spammers to send you BOATLOADS of unwanted e-mail, credit card apps, all kinds of garbage. It needs to be done away with. The last time I registered a domain it took me 2 months just to get the junk mail flow stopped.

Re:Whois is useful? (2, Interesting)

ztransform (929641) | more than 6 years ago | (#21171747)

I have to agree.

I've tried to privately register every single one of my domains, and end up paying more for what is effectively "not listing my number in the telephone book", just because I don't want SPAM.

I say scrap whois. But still make registration of e-mail mandatory so the registrar can still contact domain owners.

I would guess the real-world equivalent is car registration (number) plates. In most countries the name and address of the registration plate owner is not publicly available presumably to deter road-rage from translating to home attacks; something a domain name owner may also be wary of.

for plenty of us (3, Insightful)

CarpetShark (865376) | more than 6 years ago | (#21171771)

Speak for yourself. I use whois every day. It's invaluable.

Re:for plenty of us (1)

unlametheweak (1102159) | more than 6 years ago | (#21172525)

Speak for yourself. I use whois every day. It's invaluable.
Are you a spammer?

There would be no other reason to use whois since it is unreliable. If people want to give out their information to the entire World Wide Web then they should do it on their own Web sites. People should not have to pay extra money, or risk losing their domain names (because they are breaking ICANN rules), or possibly risk going to jail (in at least some countries I would presume) for not wanting spammers, stalkers, poperotzy, or law enforcement officials to know where they live (police are a tool that can be used for good and for bad). The sad thing is that only the ignorant and frugal will have accurate information. Businesses can always use certificates to authenticate themselves (although this too is a rather lame form of authentication that can be abused by criminals). I can think of no good reason for whois to exist in this day and age. If you can come up with reasons, then I could probably think of even better counter-arguments. It was good in it's day, but like all good things that become too popular, it gets used mainly for it's lowest common denominator attributes.

Re:for plenty of us (4, Interesting)

CarpetShark (865376) | more than 6 years ago | (#21172839)

Are you a spammer?

There would be no other reason to use whois since it is unreliable.


Then why are you asking a question you think you know the answer to, if not that you think you're wrong? As it happens, you're VERY wrong. It's not the be-all-and-end-all of domain details, no, but it's very useful; for quickly finding out the status of a potential customer's domain, for finding out who owns an IP address that's exhibiting abuse, etc.

Re:for plenty of us (3, Insightful)

hackstraw (262471) | more than 6 years ago | (#21172717)

Speak for yourself. I use whois every day. It's invaluable.

Really? Can someone elaborate on its usefulness? I gave up on it years ago. (also, I simply don't need to know this info anymore)

When I was a SPAM vigalante, I would do whois lookups, and usually the information was clearly bogus. Often, if the info was not bogus, it was outdated. And I've heard from many people that are legitimate people doing legitimate things with their hostnames that would never give real information for whois lookups because they simply don't want to be the target of SPAMers or whatever else could come from having any personal information laying around for some random person to have fun with.

I would never put accurate or relavant info into a whois lookup, and I don't expect anyone else to do so either. Nothing good can come from it, unless maybe you hold the killer domain and you hope someone will try to buy it from you.

I also lie about any personal info to protect my privacy, unless there is something explicity beneficial for me for someone else to have relevant info. I also tell all of the door to door sales people trying to sell me some crap for my house that I rent. They immediately say "Oh", and walk away. I also pay extra to have my phone number unlisted.

I'm still on some lists, but not that many. And the fewer the better.

Re:for plenty of us (1)

CarpetShark (865376) | more than 6 years ago | (#21172903)

Really? Can someone elaborate on its usefulness? I gave up on it years ago. (also, I simply don't need to know this info anymore)

When I was a SPAM vigalante, I would do whois lookups, and usually the information was clearly bogus. Often, if the info was not bogus, it was outdated.


Well, there are lots of TLDs out there, each with different standards, and lots of different types of domains to lookup. What you get when you look up a site likely to be targetted by spammers isn't necessarily what you'll get when an average small business person calls up and is unsure of their domain details.

For verifying a domain exists, for example (2, Interesting)

wsanders (114993) | more than 6 years ago | (#21172397)

In response to customer inquiries about why such-and-such a domain isn't resolving, I do hundreds of checks a month to verify that domains actually exist, since a sizable percentage have non-functioning DNS. I also query to see if domains we are about to drop from our authoritative DNS service are actually gone.

Not to say the whole whois scheme is a mess, but some sort of non-DNS, free service needs to exist to verify that a certain domain either exists or doesn't.

The other thing that irritates people the most, besides the privacy issues, is that there is such inconsistency in how the whois info is made available.

Re:For verifying a domain exists, for example (2, Informative)

nuzak (959558) | more than 6 years ago | (#21172861)

You don't need whois to check for the existence of a domain. Just look up its NS glue record.

What WHOIS is really good for is getting the registration date of a domain, which is a nice indicator of whether a domain is actually a throwaway spam domain or an established site. It'd be nice if the dates actually came back in a consistent format, but at least it's usually human-readable. IP whois is also nice when you're looking at an ISP that actually bothers to fill out SWIPS records for allocations. I've been going more to BGP4 ASNs to determine ownership of IPs instead, but those only come into play for larger allocations.

RIPE is the only RIR that has its shit together when it comes to WHOIS, everywhere else is a complete mess. I say ICANN drops the requirement for WHOIS to return personal data in public queries, and also mandates a migration to the RIPE formats, which are actually consistent.

Re:For verifying a domain exists, for example (1)

wsanders (114993) | more than 6 years ago | (#21173717)

Not all domains have NS glue records, however.

The Joy of Being Canadian with a .ca (1)

Nos. (179609) | more than 6 years ago | (#21171425)

Re:The Joy of Being Canadian with a .ca (1)

IBBoard (1128019) | more than 6 years ago | (#21171639)

Ditto for UK domains. As long as you're a non-commercial individual then you don't even need to cough up for the privacy fee that they charge for .coms.

I've never seen the point of my (personal) details being on a WhoIs record. If it was a corporate held domain and there was some validation that the details were correct then it might be useful, but for any Tom, Dick or Harry buying their own domain then it seems like a major security risk (ignoring the more low-level privacy invasion of posting it on the Net).

Re:The Joy of Being Canadian with a .ca (1)

tlhIngan (30335) | more than 6 years ago | (#21171787)

I've never seen the point of my (personal) details being on a WhoIs record. If it was a corporate held domain and there was some validation that the details were correct then it might be useful, but for any Tom, Dick or Harry buying their own domain then it seems like a major security risk (ignoring the more low-level privacy invasion of posting it on the Net).


Yeah, it's really annoying. Heck, I filter my email (thanks procmail) to only allow email from my registrar (who actually check that the info is valid - they use your billing contact as the billing info from the credit card, and the email registered as the contact email). So much for all those promises about "misuse of WHOIS data". (The email I use is specifically for the registrar, so if I get spam, I know some spammer mined WHOIS data. They all do).

WHOIS is nice from time to time, but honestly, everytime I've used it, it was to get some info about the domain, I didn't care for phone numbers or street addresses (city/state/country is useful, though, as are the dates). Hell, if I needed to contact someone from their domain, I'd probably use their website.

Re:The Joy of Being Canadian with a .ca (0)

Anonymous Coward | more than 6 years ago | (#21173087)

This isn't a problem for personal domains so long as the policy is enforced. Hands up anyone who ever got a reply from Nominet when they reported spammers or folks using a domain commercially and using the WHOIS opt-out?

As an admin I think any commerial domain or IP range without accurate WHOIS (or if WHOIS is only made availiable over HTTP) should be blacklisted. It's not a privacy issue, it's an accountability issue.

Re:The Joy of Being Canadian with a .ca (0)

Anonymous Coward | more than 6 years ago | (#21171759)

.to also suppresses that information. But ICANN is trying to strong arm the country code tld's to have to follow their rules.

Even "Heroes" agrees (4, Insightful)

Kelson (129150) | more than 6 years ago | (#21171453)

In one episode last season, Ando showed up at Niki's house, having been able to find her because she listed her home address on the WHOIS record for her website.

(The unspoken moral: use a PO Box, or some guy from halfway around the world will drop in on you unexpectedly.)

Re:Even "Heroes" agrees (1, Funny)

Anonymous Coward | more than 6 years ago | (#21171533)

Yeah, then he'll probably get a mate to stop time so he can nick stuff from your house or something. Bastards.

Re:Even "Heroes" agrees (2, Interesting)

JK_the_Slacker (1175625) | more than 6 years ago | (#21171613)

And use an email address you don't use for anything else (which is a good idea anyway.) If you can't be bothered to clean out an inbox every few days, you probably shouldn't be the contact for a domain name, anyway.

Note that I'm not advocating spam by any means, merely acknowledging the reality of it. I firmly believe that spammers should be hit with fines until they don't have any money left, and those fines reinvested into things like improving internet infrastructure in rural areas.

Re:Even "Heroes" agrees (2, Interesting)

maitai (46370) | more than 6 years ago | (#21173971)

Back around 1996 or so I had someone show up my house after retrieving my address from my domains WHOIS record.

They'd received some bounced emails from an email address they didn't recognize (mine), assumed they're emails were being 'hijacked' (as they put it). They then looked up the WHOIS information for my domain (which included the same email address in the record), realized it was local and drove out to my house.

Of course, I was the system admin for their upstream provider... and they already knew me in person since I was the one who installed the router on their end of the pipe. But at the time it was kind of odd having them show on my doorstep out of the blue like that.

What is the problem? (2, Interesting)

Anonymous Coward | more than 6 years ago | (#21171465)

The advocates complain that the system doesn't do enough to protect domain owner information from spammers and fraudsters

Every major domain registrar lets you do a "private domain registration" for a few bucks extra. They replace the WHOIS data with generic info plus a uniqueID, which lets you contact the domain owner through the registrar.

Pretty simple - not rocket science.

I am sure that the registrars will happily hand over the actual domain registration info to duly authorized law enforcement with a court order.

Further, any legitimate business puts a mailing address/phone number/fax number on their website. Having the same information available in whois isn't an issue.

Re:What is the problem? (1)

discord5 (798235) | more than 6 years ago | (#21173851)

Every major domain registrar lets you do a "private domain registration" for a few bucks extra

Actually, some cc-tlds forbid it. They don't give out the owner on the whois request, but they do on their website after entering a captcha. The captcha itself however hasn't stopped persistent spammers and even domain name scammers.

A few years ago a certain registrar started sending out lots of snailmail warning people that their domain name was about to expire. Many customers immediately responded by signing that document they got by mail, and making a donation to this registrars bank account. The problem was that those people often forgot that they already had another company taking care of their hosting and DNS, which now pointed to some prefab "Welcome to your new web space" page. No MX record, just an A and a CNAME pointing to that one server. While questionable, it was perfectly legal at the time. The paperwork was all there and signed no less by people who didn't feel like reading it entirely.

Oh, I remember the crying and screaming on the telephone that year... A marvelous symphony of remorse and despair when they realized that it was actually they themselves and not their hosting company that screwed them over. In retrospect it was quite funny, but at the time it was a drama of epic proportions. There were managers screaming into their phones on "how much business they lost" in one day, frustrated sysadmins wondering why their bosses signed a document without consulting them first, and of course the couple of people with personal vanity domains who were quite upset that they couldn't post to their blog or whatever anymore.

Ever since that day, I hate whois (except when it's proven useful to me)

Not a problem (0)

Anonymous Coward | more than 6 years ago | (#21171471)

Identification information is going to be kept for each domain, whether whois exists or not. It's just a question of whether it will be open to everyone, or just to the registrar, their employees, your hosting provider, your ISPs, credit card companies, data thieves, third parties the data is sold to, people with court orders, and warrantless government surveillance programs.

Whether whois exists or not you have no privacy - but with whois at least you know it.

This has been an ongoing problem (0)

Anonymous Coward | more than 6 years ago | (#21171489)

I've been dealing with something like this for years now. I had a domain squatted out from under me by the same people that are written about at www.rootfest.net/squatters.html [rootfest.net]

Privacy, under age, radios... (0)

nsanders (208050) | more than 6 years ago | (#21171527)

When I first purchased a domain back in 1997 (for $75/yr) I was under the age of 18. I used bogus information because I did not want people to be able to retrieve my personal information. Since then, I have continued to use bogus contact into on almost every registrar.. Well, not too long ago I started getting contacted by various OpenSRS registrars saying my information was incorrect and that I needed to update it. I replied saying that if they supply a service that hides my information from public WHOIS servers I will happily give them my info, most of them did no offer this.

I have to agree that the WHOIS system is a nightmare. More registrars need to support cloaking of email and contact info. I AM NOT A BUSINESS. I do not want my information being public..

And actually, the same thing goes for HAM handles.. I hate the fact that you can lookup the home address of anyone who talk to on the radio.. That also needs some kind of "opt-out" option for those who don't want their info public.

Re:Privacy, under age, radios... (1)

Ash-Fox (726320) | more than 6 years ago | (#21172627)

And actually, the same thing goes for HAM handles.. I hate the fact that you can lookup the home address of anyone who talk to on the radio.. That also needs some kind of "opt-out" option for those who don't want their info public
I think this is country specific, because when I try to look up British callsigns, unless they provided information on qrz.com, I find no information.

I'd Rather it Be Accurate than Abolished (3, Interesting)

InitZero (14837) | more than 6 years ago | (#21171541)

It used to be when I had to contact someone, the whois information was accurate, complete and, when I dialed the number, I got a live human being that actually was able to address my issue. And, life was good.

Now, it seems even reputable domains are hiding behind private registrations or have outdated or deliberately incorrect information. Bleh. Problems that used to be able to be solved with a pleasant phone call now require hours of my time if the task is even possible.

So, my first choice would be that whois domain information take a giant step backward to the days when it was useful information. If that isn't an option (and going back in time rarely is possible), get rid of it altogether.

Abolish (1)

iknownuttin (1099999) | more than 6 years ago | (#21171783)

So, my first choice would be that whois domain information take a giant step backward to the days when it was useful information. If that isn't an option (and going back in time rarely is possible), get rid of it altogether.

OK. WHOIS is being used as a source for marketers for use use all over the World.

I don't have the time or resources to take calls from Joe in Seattle who wants to sell me his company's ASP.NET expertise (especially when I'm a LAMP operation)!

Re:Abolish (1)

dkf (304284) | more than 6 years ago | (#21171887)

I don't have the time or resources to take calls from Joe in Seattle who wants to sell me his company's ASP.NET expertise (especially when I'm a LAMP operation)!
Remember, you're allowed to just say "Fuck off." and put the phone down.

Re:Abolish (1)

tftp (111690) | more than 6 years ago | (#21171971)

Even that will cost him 15 seconds of his time, and probably a few minutes more to regain the lost thought. Can you work at all if telemarketers call you every minute? They can, there are enough people in the world (or even in the country) who are not qualified for anything better.

Re:Abolish (1)

InitZero (14837) | more than 6 years ago | (#21171921)

> I don't have the time or resources to take calls from Joe in Seattle who wants to sell me

        I'd spend 20 minutes a month telling sales holes 'no' than spend five hours trying to track down an admin at another site to fix a problem that, when I get the right person, takes five minutes to fix.

        Matt

Re:I'd Rather it Be Accurate than Abolished (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21171795)

I would rather get rid of it altogether. My privacy is more important than your inconvenience.

For seven years, I administrated a support site for people with mental illnesses. A small minority of these people were very difficult to deal with and were not averse to making threats, accusations, and generally transferring all their difficult feelings onto the most convenient 'authority' figure available. Needless to say, I would not want such people having my telephone number or address.

I'm reachable through email. I've paid to be reachable through a (snail) mail forwarder. That should be enough for anyone.

*ring ring* (1)

circletimessquare (444983) | more than 6 years ago | (#21172095)

"hello?"

"hi, this is some random yahoo you don't know who is looking at your website. i have my own agenda about what needs to be 'fixed' on your website. whenever i go to your website it doesn't do x, and i want that done"

"oh, ok sir, we'll get right on that, give me a few hours"

when was that ever a valid scenario for you

i hope you're talking about fighting email spam or worms from rogue domains

Re:*ring ring* (2)

InitZero (14837) | more than 6 years ago | (#21173307)

I know that interpersonal voice communications conducted over an old fashion telephone line between peers is the antithesis of all that is the tech world and Slashdot. Still, it can be rather effective at times.

True story...

I was the IT Director for a mergers and acquisitions company. We were a couple days away from closing on a mid-sized ($72 million) transaction. Money had already been wired into escrow. We are in the United States but the company's owner was vacationing in South Africa. The company we were buying was based in the Dominican Republic so there was local counsel there. The company from which we were buying the Dominican company was based in the Cook Islands. The law firm -- a fairly large international firm -- coordinating everything was out of the Netherlands. Documents were zipping back and forth by email pretty much around the clock given the time zones involved.

Then, for some reason, the email stopped. Test messages when through from all the parties but all the documents failed. We thought it might be file-size related but large test documents went through fine. The lawyers we were working with out of the Netherlands didn't know who did their network/email support -- it was handled out of another office. They couldn't come up with anyone who knew anything about the problem in hours of trying to track someone down. Without a complete set of documents (several hundred pages) executed by all parties, the transaction would be delayed.

(Delaying the closing even by hours is a massive and costly pain given the number of people and amount of money involved. Homework: calculate the amount of interest $72m throws off ever hour.)

Faxing large quantities of documents for review was out of the question. FedEx or another overnight carrier would delay the closing. Not to mention, it would slow the final revision processing.

Using whois, I called the technical contact for the domain. He immediately handed me off to their mail guru. After I explained the problem, he checked his change log and found a half dozen new regular expressions were added to their spam filter about the time we started having problem. Seven characters of the eight-character transaction code we were using in the filenames on all the documents happened to be the same as a banned regex that had been added. Once the regex had been removed, everything worked and we closed on time.

Total time from 'whois domain' to problem resolution: less than half an hour.

Had I not been able to get the mail guru on the phone or by email, we would have delayed the closing. We would have had to come up with an alternate document transport. We would have had to notify and train all parties in the alternate document transport. It would have been ugly.

So, in short, if I have a problem with your domain, I'd like a number I can dial to speak with a competent human being.

*ring ring ring* (1)

stefanlasiewski (63134) | more than 6 years ago | (#21173559)

"hello?"

"Hi Sir, this is Jack from DomainsRus. We want to warn you that your domain will expire 'real soon now' (9 months) and that you better register your domain IMMEDIATELY or you will lose your website. Registration only costs $159.99! Can I have your credit card number?"

-- or --

"Hi Sir, this is Jack from DomainScam.com. I want to BUY your domain!"

-- or --

"Hi. I was calling for ... ... Steee-faaan. Stee-faan, I found your resume online and I think I have a job opportunity you might be interested in. Do you work with ... ... Inter-web?"

WHOIS isn't needed today for domain names (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21171575)

The main problem is that ICANN wants to use whois for a different purpose than the original one. Originally whois was used for providing techincal and administrative contacts for networks, which back then more or less mapped to 2nd or 3rd level domain names. These days the owners of domain names are mostly individuals who do not manage the networks that serve their domains and would be pretty useless to contact using this method. Nowadays, you would look at the ARIN data to see who is responsible for the network.
What ICANN wants to provide is an easy method for the Lawyers of corporations to go harassing people that hold domain names their companies want to use.

Re:WHOIS isn't needed today for domain names (0)

Anonymous Coward | more than 6 years ago | (#21173855)

These days the owners of domain names are mostly individuals who do not manage the networks that serve their domains and would be pretty useless to contact using this method.


Then set your technical contact to who ever your service provider is and your admin contact to your accounts payable department (or accountant, or who ever gets your bills and handles payment).

stalker "found" me thanks to WHOIS (5, Interesting)

gsfprez (27403) | more than 6 years ago | (#21171583)

i sold an old Mac laptop with system 7.5 to a girl for $200 with a printer about 7 years ago. She had little money, and for what she needed - a way to type homework in her dormroom and print it - $200 seemed reasonable - it did what she told me she wanted it to do, and she tested it at my place and everything worked just fine (2 cheers for Word 5.1 on system 7!). I made it clear that this was *not* an internet workhorse, and that if she wanted that, she needed to go to the bookstore and buy a new computer. "No no, i just want to type papers and print them in my dorm room".

So, of course, the first thing she did was attempt to install a bunch of new internet software (browsers, school's First Class server client) on it which of course didn't work. Then she took it to the school helpdesk, and they (rightly) had no idea what to do, so instead of telling her to get jammed, they screwed it up completely. So, she calls and says she wants to return it because it doesn't work. I'm like - yeah, what the hell do i want with a fscked up powerbook and printer? I don't want to buy it - i just sold it to you like two weeks ago.

time passes... and i start getting threatening emails from some guy on a yahoo account with ($myname)fucker@yahoo.com. Then he starts saying that he's going to come after my wife and hes watching her car when she comes home at night. That was fscking it. Its the girl's mental patient boyfriend.

Long story short - he was actually stalking whoever in the hell was in my old apartment - it was pure coincidence that the new tennants also owned a Honda Civic too.

Where, do you think, he got the address? Of course, from my whois entry when i didn't have any money to buy a PO Box.

Yeah, if you think i'll ever give out my information to my actual home or office location - ever - you've gone daisy, my son. ICANN and everyone else can demand all they want that my info be correct - but i don't answer to them, so they can kiss my ass.

In fact, because of this, a guy who started, then stole, the website of a non-profit (they've set the donations address to their address, but the actual non-profit is in Africa, so its hard for them to fight the problem) is going to be getting a legal foot up its ass because i know where he is and where he lives and his work address - all because he's broadcasted it in whois and on his webpage.

ICANN can't make me do anything.

Re:stalker "found" me thanks to WHOIS (5, Insightful)

LiquidCoooled (634315) | more than 6 years ago | (#21171831)

Wouldn't it be more likely that the stalker got your address from his girlfriend?
Afterall you just said she came to your house to check out the computer.

Re:stalker "found" me thanks to WHOIS (1)

gsfprez (27403) | more than 6 years ago | (#21172911)

my place - i meant my office.

Also, "boyfriend" may have been a strong term... they were "sorta" dating... he was trying to impress her by getting her money back from me... but she wouldn't have anything to do with him when this whole thing started.

She was actually not a bad person - and she felt bad about the whole thing. She was just being unreasonable about the computer... i offered to re-clean up the machine and put it back the way it was when i sold it to her for $25 (for my time - probably $5 an hour given how long it took to install 7.5 via a laptop scsi drive), but she decided against it, got $100 for the laptop and printer in the pennysaver, and her parents bought her a proper laptop - which is what she should have done all along.

Long story shorteded... in the end, i told the police, and they contacted the people in my old apartment and then a restraining order... he was tough and mean when he thought he was invisible, but once i figured out who he was, where he was emailing from looking at the headers (using yahoo from his work - i found his work's address and web information via... whois!) and after i called his boss and let him know that he was using the work computer to threaten me... and then the cops got involved, he was like all the bullies that used to beat me up in junior high school - a tough fascade, but get police and lawyers involved, 99% of people chump out.

plus, i had (and still have) a shitload of guns - and i'm a good shot (per the military, not my huberis), so i was more annoyed and pissed than scared at any point.

Re:stalker "found" me thanks to WHOIS (2, Insightful)

InitZero (14837) | more than 6 years ago | (#21171865)

> if you think i'll ever give out my information to my actual home or office location

        Don't confuse privacy (or safety) with anonymity.

        Just because you don't give out your address doesn't mean you're safe. A false sense of security is often worse than a real sense of caution or even fear.

        What's the goofy slogan bantered around Slashdot so often? Security through obscurity and all...

        Matt

Re:stalker "found" me thanks to WHOIS (1)

nuzak (959558) | more than 6 years ago | (#21173131)

Information that isn't there AT ALL isn't "obscure". It's INACCESSABLE.

Here's how you tell the difference:

My real name is "puneyrf h. sneyrl", but that's encrypted in a really secret way that I won't tell you (and no it's not REALLY my name).

My home address is out there on the net somewhere. Go tell me what it is.

Re:stalker "found" me thanks to WHOIS (1)

name*censored* (884880) | more than 6 years ago | (#21173549)

/WHOIS nuzak

stop hiding and take responsibility (0)

CarpetShark (865376) | more than 6 years ago | (#21171931)

The way I see it, you have two choices here:

* you could use it as a lesson in being secretive and hiding.
* you could use this as a lesson in treating people more compassionately

Note that the first option is completely unnatural: in the normal social interactions we all evolved for, you can't talk to someone while keeping everything about you secret. Sooner or later, you have to face the responsibilities that come with being able to affect other people's lives.

Re:stalker "found" me thanks to WHOIS (1)

tftp (111690) | more than 6 years ago | (#21172321)

Well, this is exactly why I do my best to never sell anything privately, especially such a complicated thing as a computer. In the gsfprez's case it's obvious that the sale was not very profitable. The sale was legal and all that, but some people just don't understand what they are buying, and even if they do they like to think that the sale contract can be changed at will, at any time, as long as one side wants it bad enough. Do you think this girl's boyfriend would be stalking the local Fry's manager, for example? He'd be in jail already, convicted upon one phone call to the said manager at work (which was recorded "for quality assurance purposes".)

The same prohibition covers service of personal computers of my friends and acquaintances. The rule of thumb is simple: just don't do it. It's not worth the trouble, and even if you are paid for the initial visit there will be always a follow-up, one after another, until you are in loss for a hundred hours of labor, then you start hiding. And threats - I have no illusions about that either, even from people that I know as "normal". A phrase "you came yesterday and broke my Internet" is probably familiar to many /.ters. Just don't do it.

And BTW, I also have a PowerBook 5300c with System 7.x loaded, and I am not selling it :-) Though I have no clue how to use it these days.

Re:stalker "found" me thanks to WHOIS (1)

Bill, Shooter of Bul (629286) | more than 6 years ago | (#21172379)

The lesson I take away from your story is to never ever sell someone a computer that wont do what they want it to do, even if they tell you they don't want to do it. Plus, Macs with out OSX are worth less than nothing, charging anything for them should be a felony.

Re:stalker "found" me thanks to WHOIS (1)

barzok (26681) | more than 6 years ago | (#21172815)

Read his post again. He sold it to her seven years ago. OS X may not have even been out yet (depending upon when in 2000 it was).

Re:stalker "found" me thanks to WHOIS (1)

Bill, Shooter of Bul (629286) | more than 6 years ago | (#21173955)

Yes, I read that. Macs, IMHO, were crap back then. They weren't worth $200 new. I say this as an owner of 2 macs now.

Re:stalker "found" me thanks to WHOIS (1)

Sloppy (14984) | more than 6 years ago | (#21174011)

Your problem isn't whois. Your problem is that there are crazy people in the world.

If I'm psycho, I can drive up Jeopardy Lane, randomly pick the house at address 9764, and start harassing them.

WHOIS can be useful, but it's often not. (1)

mr_mischief (456295) | more than 6 years ago | (#21171659)

It does me no good to try to contact someone through WHOIS with their nonexistent email address, their disconnected phone number, and their fake shell company. In those instances where I can work out a networking problem with a legitimate company, university, or ISP based on accurate WHOIS info, it makes life much easier than calling a techno-peasant receptionist and explaining who it might be int what possible department that might handle the kind of thing I need to talk to someone about, only to find out that the network is provided by someone entirely different.

In all, I'd say that ARIN's, RIPE's, and APNIC's IP-based WHOIS are much more useful than any of the domain registrars' collective WHOIS systems. If I'm contacting someone about a site and there's no contact info on the site itself, the WHOIS is probably useless anyway. If I'm working on a problem of wacky routing, mysterious traffic origination, packet loss, or the source of an attempted security breach, contacting the IT people in charge of the network in question directly is often the fastest and easiest way to get things resolved. There is no other reliable place to find solid information on who to contact about the IP space, which is different from a website that usually has that information in-band. Reverse DNS can be useful, but it's far from reliable and still doesn't give me the contact info.

Private domain registration is a pain, but it does solve the spam problem of public WHOIS information. I can think of alternatives, but none of them are clearly much better. However, as I already said, I think the domain name WHOIS services are less useful and less important than network WHOIS anyway. For network WHOIS, private registration shouldn't even be considered.

Re:WHOIS can be useful, but it's often not. (0)

Anonymous Coward | more than 6 years ago | (#21171907)

A month ago, the registrar that I used to get my domain changed my dns servers on me. I had paid out through the year 2013 in 2003. Since I had done that, I've had several different computers and crashes. I'd forgotten my login info and couldn't even remember what email I had on file with them. I was able to get the email I used from WHOIS and was able to get my site up and running (I create throw away emails to register with anything, usually I write it down, but at that point in my life, I wasn't). So I would have been screwed without WHOIS.
<br /><br />
(Posting anonymously because I modded)

It's a matter of publishing (1)

Red Flayer (890720) | more than 6 years ago | (#21171679)

The internet is a venue for free speech, and any discussion of privacy concerns need to keep that in mind. From the American perspective, free speech is sancrosact, and one guarantor of free speech is anonymity. WHOIS (in theory) removes the ability to publish anonymous content via a self-owned website.

Most of the people clamoring for WHOIS to remain are those who have intellectual property to protect (especially trademarks). Without getting into a debate about whether trademarks should exist (please! that's for another discussion), something like WHOIS is necessary for people to protect their trademarks -- and the current law in the US requires this.

So the basic discussion is to weigh the interests of IP holders against any free speech infringement that WHOIS creates.

In my thinking, there are plenty of other ways to publish anonymously on the internet. Registering a website is not required; therefore, identification requirements for registering a website don't really infringe upon free speech -- especially considering that it is trivial to enter fake information for WHOIS registration.

One possible solution would be to require registration information, but then to not allow public access to the information. Those who wish to pursue action against potential trademark violators could then get a court order for the registration information to be unsealed. While this would in theory help safeguard privacy, it's only as safe as the court system (and by extension, the laws that guide the court system) that applies. It also runs into problems with international registrations, and if ICANN is in theory an independent body, hands too much power over to a particular government. Finally, it adds even more bureacracy to what should be a free flow of information.

In the long run, I think the only mutually beneficial solution is to require information to be registered, but find a way to limit access to that information to legitimate requests. This may be an impossible task, in which case we should all just throw up our hands in despair and let anarchy reign in the tubes.

Re:It's a matter of publishing (1)

tomstdenis (446163) | more than 6 years ago | (#21172017)

It's also a matter of liability. If someone is putting up illegal content (libel, slander, kiddie porn, warez) it would be nice to know who owns the domain [and presumably the servers it points to].

And as I'll point out for the 20th time on Slashdot ... "freedom of speech" is FROM THE GOVERNMENT, not private citizens. If AT&T doesn't want to host your website anymore, that's up to them, not you. At most it's a breach of contract not a violation of the 1st amendment.

Tom

Re:It's a matter of publishing (1)

Actually, I do RTFA (1058596) | more than 6 years ago | (#21172609)

. "freedom of speech" is FROM THE GOVERNMENT, not private citizens. If AT&T doesn't want to host your website anymore, that's up to them, not you.

I would contend that all corporations, but especially ones granted a governement monopoly, are not private citizens. In fact, to some (but an insufficent) degree, the government is making them act more like the government than a private citizen. To wit, IBM cannot have a policy of not hiring [insert racial epitat here]. I think the federal government should go farther and refuse to allow companies randomly drug test employees, as one example.

But I do believe that telcos should not have the right to police content.

Re:It's a matter of publishing (1)

tomstdenis (446163) | more than 6 years ago | (#21173017)

When they become a monopoly one could argue they're a common carrier at that point, that for the greater good of society they charge a fair price and do not restrict the content (much like airlines and the like).

However, I don't think ISPs fall under that.

The problem with taking away liability [e.g. ability to police content] from the telcos is you leave a void. If I can't find the owner of a website, and I can't force the telco [or isp] to remove illegal content, then we have anarchy. You'd be free to say whatever you want no matter how patently false and inflamatory. Businesses would fail, and peoples lives would be ruined.

I think there already is too much irresponsibility on the web (hint: look at usenet and email). In my case, some arse on usenet decided he didn't like me and started spreading kiddie porn with my name on it. Since usenet is pretty much a free for all, they have yet to be brought to justice. However, on my end, it nearly ruined my life. Lots of fun that is! Y0 free speech it's the be-all of existence.

Excuse me while I don't share your feelings.

Re:It's a matter of publishing (1)

Actually, I do RTFA (1058596) | more than 6 years ago | (#21173941)

The problem with taking away liability [e.g. ability to police content] from the telcos is you leave a void. If I can't find the owner of a website, and I can't force the telco [or isp] to remove illegal content, then we have anarchy.

I agree that this is a problem. If someone invents a way where the courts can be used to give such a directive, I doubt I would fight it. But I have a very large problem with telcos filling that void. I think it is properly a government function and that it should not be outsourced to corporations. The telcos will not filter the usenet for you, and I trust them not to abuse that power as much as I can throw them (which is no distance because they are ephemerial entities).

Anonymity on the 'net has both boons and banes. But that is a different topic altogether then whether telcos should have to protect first amendment rights. After all, anonymity is not guarunteed by the first amendment.

Of course, it is next to impossible to police the internet because of the innumerable proxies, etc.

Re:It's a matter of publishing (1)

networkBoy (774728) | more than 6 years ago | (#21172991)

That is true, but in the case of a company (Farmers) threatening you with lawsuits because of your website's assessment of their service, the first amendment prevents the legal system from enforcing their wishes to take down your site...
-nB

Re:It's a matter of publishing (1)

tomstdenis (446163) | more than 6 years ago | (#21173091)

Exactly. The point is, the 1st amendment stops the government (on behalf of the people or selected complainants) from abridging speech. Get the same bs when people complain about being searched at Best Buy. The protection against unlawful search and seizure is simply from agents of the state. When a security guard searches you without first asking permission or performing a lawful citizens arrest, they're committing an assault. Different laws.

But all too often people trump out "their rights," it'd be nice for once if they actually knew what they were.

Re:It's a matter of publishing (1)

roguetrick (1147853) | more than 6 years ago | (#21172113)

You're mistaken to think that WHOIS is purely a IP tool. A verifiable whois could give swift justice to those who practice fraud in the various ways they could do it. I'd hate to think that businesses could only hold themselves on the net by reputation alone, as there is no way to push it farther than that.

Re:It's a matter of publishing (1)

Anonymous Coward | more than 6 years ago | (#21172141)


The internet is a venue for free speech, and any discussion of privacy concerns need to keep that in mind. From the American perspective, free speech is sancrosact, and one guarantor of free speech is anonymity. WHOIS (in theory) removes the ability to publish anonymous content via a self-owned website.


Bullshit!

Tell John-fucking-Hancock that a "guarantor of free speech is anonymity." Anonymity is for short-dicked cowards who want to throw verbal bombs over the wall but don't want to be called to task for anything that they have to say.

If you want to make a real contribution to the political dialog, stand up and be counted. Anonymous comment is pointless, and in the end, just another form of masturbation.

Grow a god-damned backbone.

Re:It's a matter of publishing (1)

Red Flayer (890720) | more than 6 years ago | (#21172583)

Niiice...

For a second I was going to point out how important anonymous pamphlets were to the American Revolution (especially leading up to the Revolution)...

And then it clicked.

I tip my hat to you, whoever you may be.

Re:It's a matter of publishing (0)

Anonymous Coward | more than 6 years ago | (#21173109)

I'm very upset because I don't think anybody's gonna get that.

The Domain Registry of America (2, Informative)

daedalusblond (1037302) | more than 6 years ago | (#21171717)

Anyone who has had to deal with the Domain Registry of America will understand this.

Soon after one of our clients register a domain with us, these lovely people will send a very convincing snail-mail to the customer based on their whois data with a payslip attached, saying words to the effect of "Your domain will expire unless you register with us!"

In the UK, the Office of Fair Trading seem to have turned a blind eye to this despite numerous complaints.

-daedalusblond

Re:The Domain Registry of America (1)

Late-Eight (1026794) | more than 6 years ago | (#21172499)

I had the same problem involving a customer about a year ago, and it did look very convincing, except that it was sent by post not email. It was only because the customer decided to run it by me first that they avoided the scam.

Ops (1)

Late-Eight (1026794) | more than 6 years ago | (#21172675)

The parent post said snail-mail, I misread it and thought they said email - I Should have double checked before I posted my bad.

email too (1)

oyenstikker (536040) | more than 6 years ago | (#21171817)

So when are we going to replace email with Internet Mail 2000?

Scrap it (1)

Wowsers (1151731) | more than 6 years ago | (#21171829)

But, if you scrap Whois, you remove a nice money earner from registrars from people / sole trader businesses, that pay extra for their domains / renewals to be protected against their personal data from appearing in Whois.

It'd be nice for Whois to not exist, but I doubt it ever will be scrapped.

What's ICANN going to do? (0)

Anonymous Coward | more than 6 years ago | (#21171867)

Considering how ICANN doesn't seem to get anything done, or done well, they should probably become ICANT.

I own several domains, and agree completely. (2, Insightful)

sherriw (794536) | more than 6 years ago | (#21171973)

I own a number of domains and I completely agree that the WHOIS system needs a major overhaul. For one or two domains I actually purchase extra whois privacy from GoDaddy, but for the most part this is just added cost for me to patch a broken system. Why can't I pick and choose what info to show?

On top of it, if I own a .ca domain, I'm forced to use my real name not my company name and my .ca registrar does not offer domain privacy on .ca domains.

I get a ton of spam to the email address I use for my domains, so this address has it's anti-spam set WAY up. I even get occasional phone calls about my domains- usually scams, but recently it was a good thing because I sold one of my domains for $5K (though why the person couldn't just use the contact info on the actual website is beyond me).

But, basically I think you should be able to opt for privacy at no cost. Seems like a no-brainer to have a privacy flag as part of the database. Or maybe provide a url of a contact page where you can determine what to show or just provide a contact form box.

Re:I own several domains, and agree completely. (1)

Anonymous Coward | more than 6 years ago | (#21173665)

On top of it, if I own a .ca domain, I'm forced to use my real name not my company name

Not true. A .ca domain name can be owned by a Canadian company. If it's owned by a company, the whois info reflects the company ownership and company address.

The .ca people do want a contact person though - the name of an employee who manages the domain name. Now, how do the .ca people know that the contact person is an employee? They ask the company. So make up a fake employee name, and if anyone calls for that fake employee, you know what they are calling about.

I am suing Moniker for providing anonymous whois (3, Interesting)

www.sorehands.com (142825) | more than 6 years ago | (#21171989)

I am suing (http://www.barbieslapp.com/spam/e360/timeline.htm) Moniker for providing anonymous whois to David Linhardt (http://www.spamhaus.org/organization/statement.lasso?ref=3).

Moniker has been providing Linhardt/e360Insight, with hundreds of anonymous domain names. This makes it difficult, if not impossible, to determine which domains are his. With anonymous registration you cannot tell if the 1000 of spam you received today are from 1000 different companies that may have mistakenly added you to their list or from one hardcore spammer.

Legitimate businesses have no reason to hide their identity.

Re:I am suing Moniker for providing anonymous whoi (1)

damn_registrars (1103043) | more than 6 years ago | (#21172313)

I wish you good luck with that. Far too many registrars have intentionally sold WHOIS obfuscation services to known spammers. I encountered the same thing with "Leo Kuvayev / Alex Rodrigez / BadCow", who took advantage of those services from several registrars (pacnames.com comes to mind immediately).

At least you found a registrar that you can sue over that. Most of the ones I have encountered thus far have been based in other countries (or at least claiming to be), which of course makes a lawsuit pretty well worthless.

Fix it or flush it (2, Insightful)

Opportunist (166417) | more than 6 years ago | (#21171991)

What is it useful for? To contact a domain owner and inform him about abuse or fraud, or identify someone who is using a domain for criminal activity. So far the theory.

In practice, you can rest assured that not a single domain used for things like ID theft has ever been registered to a real name. Earlier, they registered with registrars who didn't check information (so you had funny entries like some guy whose information was already grabbed in an earlier phish registering a domain for a server in Malaysia), and when registrars felt the pressure, they simply use registrars now that allow you to put their name in instead. Complaining with those registrars results in a "we're looking into it" until the domain is no longer used by the ID thief, so the problem solves itself.

So either require people to put in truthful information and remove registrars that don't comply, or get rid of it altogether. In its current state it serves no useful purpose. The current system only aids criminals, on both ends.

Re:Fix it or flush it (1)

CarpetShark (865376) | more than 6 years ago | (#21172995)

What is it useful for? To contact a domain owner and inform him about abuse or fraud, or identify someone who is using a domain for criminal activity. So far the theory.


Getting rid of whois on that basis would be "throwing the baby out with the bathwater", as they say. There's nothing wrong with the tool -- just with the tools who allow incorrect data to be entered.

Re:Fix it or flush it (0)

Anonymous Coward | more than 6 years ago | (#21173145)

I dunno... Ever get an email or a url to intriguing info handed to you that sounded like it was too good to be true or that you were curious to see if they were on the up and up? You dig/nslookup, but the A record isn't helping any, as it's pointing to an IP. Then you whois to see where the IP is registered. If the email header said it was from a business iin Arlington Virginia, but the whois say the block of IPs your item of interest lives is registered to some provider in China, then something is really fishy.

It's just another tool, albeit one of limited trustworthiness nowadays. Other posters have already made the point that the information is often delibertely not all that accurate, so it's of limited phishing value: which seems to be the main argument against it and is therefore moot. However, it still points in the vague direction of the owner of record, which can be useful knowledge to have.

Idea for a More Functional WHOIS (1)

Apple Acolyte (517892) | more than 6 years ago | (#21172101)

WHOIS is rather lame because of fake data, and most who fake data do usually do so because they don't want to give worthwhile contact details to the whole world. However, a lame WHOIS is better than no WHOIS in my opinion. I think it's valuable to have at least a registrant name provided in WHOIS, at the very least to serve as some record of who originally registered a given domain name in the unlikely but not unheard of issue of hijacking. I think perhaps ICANN should build and maintain a private contact database and fund it through an additional $1.50 fee on registrations. ICANN would provide a special privreg@icann.org address that one could email to contact the registrant (with strong spam filtering). I administer a fairly high profile site, but my webmaster address really doesn't get that much spam - that's why I think my proposed solution would work well in most cases. A person get a valid email address to contact and not much else. Finally, if the person wishing to contact the registrant wants a physical address of the registration, ICANN should require nothing less than a court order. That's my initial idea - how do you like it?

What could be used for business accountability ? (3, Insightful)

damn_registrars (1103043) | more than 6 years ago | (#21172199)

I would say the best use of WHOIS is when you need to contact the owner of a business domain. Like many others I've seen boatloads of complaints from people here about their own private domains and how badly they hate WHOIS.

To those private owners, I could care less if their home information is available through WHOIS, as long as they aren't selling illegal merchandise through said domain and pumping spam for it all over the world.

However, when international criminals register domains to sell pirated software / bogus pills / etc ... I do believe WHOIS is still useful. When you can obtain the WHOIS information for the criminal domain, it gives you someone to contact about that activity. People who care enough to do this have managed to progressively change the policies of registrars who were frequently used by spammers for nefarious purposes.

And further investigation into WHOIS data can lead someone to even more critical information, as well. Being as the WHOIS record contains information on the DNS servers that are resolving the domain, a person who wants to really dig deep can find where those were sold as well. A little hint: the spammers often use only a short list of DNS servers for a large number of their domains.

So in summary, before people rally around ICANN with pitchforks and torches to demand the demise of WHOIS, I ask you please consider a solution for the applications where WHOIS is still useful before insisting that it goes away completely.

Re:What could be used for business accountability (1)

zoomshorts (137587) | more than 6 years ago | (#21172817)

Simply require accurate information be input. If it cannot be verified, delete the domain
and make it available. Dis-allow secondary 'registrars' from using false information. Cut
them out of the picture.

Everyone who has a domain name, needs to be held accountable. Simple. No big deal, unless
you are a low life asshole. THEN you need stopped from ever registering ANYTHING ever.

www.zoomshorts.com WHOIS pulls my info up just fine. :P

Yes it needs an overhaul - in the other direction. (1)

DaveWick79 (939388) | more than 6 years ago | (#21172621)

I think that WHOIS should be required to keep an accurate, legit database of domain registrants. Registrants of domains should be required to have at the least a verified mailing address and phone number, and logically an email address as well so they can communicate with the registrar.

Compare having a domain to purchasing real estate. You would never get anywhere trying to rent or purchase a retail location with a bogus name, address, phone number, email address, etc. I think domain registrants should have the same level of accountability as the brick and mortar establishment. This is where it would be advantageous to have personal domains as a separate top-level domain for which private information would be kept private.

I believe the exact opposite... (1)

PortHaven (242123) | more than 6 years ago | (#21172709)

I believe there should be NO PROXIES for domain name info. I think having such feeds into SPAMMERS. I'd rather be able to go to a WHOIS and find out who the heck is SPAMMING me and get them to stop. (I've done this on a couple of occasions.)

- Saj

Whois is very important, don't scrap it (2, Insightful)

guruevi (827432) | more than 6 years ago | (#21172727)

I use whois everyday to check domains and IP's from command line. The simplest way to get an IP range is just "whois xxx.xxx.xxx.xxx" and then block/allow the whole range depending on your needs.

It's an invaluable network tool and just like DNS, you can't just scrap it. That there is abuse is always going to be a problem and that can be done with any list you put your data on. Ever wondered why you get so much credit card offers in your mailbox? Yes, it's because your name and address is somewhere on a list and most likely you have put yourself on it by using your address with either a banking institute or a vendor. You can't stop abuse by taking away services just like you can't say that you are going to solve those credit card offers in your mailbox by removing the postal services. If you do, the abuse is just going to shift from whois to your webhosters' site or DNS just like the credit card offers will be carried out by FedEx or UPS.

Businesses are not entitled to "privacy". (2, Informative)

Animats (122034) | more than 6 years ago | (#21173175)

The actual ICANN report, [icann.org] shows they're deadlocked, all right. See this timeline. [ncdnhc.org]

Most of the privacy advocates are referring to the European Directive on Privacy. That only applies to individuals not engaged in business. For businesses, the The European Electronic Commerce Directive (2000/31/EC) [sitetruth.com] applies. And it's very clear. Any "natural or legal person providing an information society service" must disclose name, real-world address, and E-mail address. No exceptions.

California has a similar law. It's more narrowly drawn, only applying to sites that take credit cards, but it's a criminal law - six months in jail for not disclosing the "actual name and address" of the business.

WHOIS policy should take that into account. There's a legal obligation to disclose name and address information for businesses. It's not optional.

Our SiteTruth [sitetruth.com] system is based on these laws. If a web site is selling or advertising something, and we can't find a business name and address for it, its rating is toast. We scan each site for human-readable postal addresses (some people would call this "semantic web" technology). We check commercial business databases. We check SSL certificates. We look at Open Directory. If we can't find a business name and address after doing all that, the site's rating is a red "do not enter" sign, and we kick them down to the bottom of search results. Once we have a business name and address, we have something to look up in business databases, corporation records, business license records, credit ratings, criminal records, etc. Plenty of data is available about businesses once you have a name and address. No more "on the Internet, no one knows if you're a dog". We know.

We haven't found WHOIS data very useful in doing this. WHOIS data quality is awful. Many entries are phony. Mailing addresses on the web site itself tend to be more accurate. Using a phony business address is felony fraud in most jurisdictions, so that's relatively rare, and mostly shows up on phishing sites. So we cross-check with anti-phishing databases to kick those sites out.

It's quite possible to use this approach to check WHOIS information in bulk. If ICANN actually cared about WHOIS data quality, they'd check the data against postal databases and business databases. They don't.

In addition to contact info, however... (1)

SCHecklerX (229973) | more than 6 years ago | (#21173449)

...at my last job I would use it a lot to lookup the full range of netblocks for mail servers that did not behave well with greylisting. Mail farms with greylisting when the other end treats 4xx's like 5xx's is annoying.

It's also the method I used to stop abusive networks (usually in china) from hitting ours. You know one address, you can find the full range assigned to them using whois.

For DSL customers (1)

value_added (719364) | more than 6 years ago | (#21173569)

I remember years back when I first got DSL and, for a lark, ran a whois lookup on my IP address. I nearly shit my pants when my private customer info with SBC appeared. So much for anonymity on the internet, I thought.

For anyone who does have DSL, or otherwise is spending their time pretending to be a 16yo girl on usenet, this link [dslreports.com] might be helpful to get yourself a more appropriate "Private Customer" designation. I'm sure cable users have a similar option available to them.

The lesson I took away for the experience is even if you want your own domain and you're just an individual, get a lawyer to set up things for you and have his name and address appear on everything. It may be worth the extra few hundred bucks a year.

Reasons to dislike whois (4, Interesting)

Tolvor (579446) | more than 6 years ago | (#21173649)

I have had a long dislike of whois.

For one it gives people a major way to steal domain names. People look up the domain name that they want in the public record, find the email address, and try to crack the email. If they can get the access to the email then more than likely the domain can be stolen. Then us poor techs get a call several months later from the true customer wondering what happened to their domain. Whois reveals too much information.

Secondly it isn't accurate. People see their name in whois and think that means they get to make decisions on the account/domain. Just because your name appears in whois does not mean you are listed on the account itself. But try explaining that to their ex-(terminated)-webmaster.

And lastly WhoIs is a major pain to explain. Try telling a paranoid customer that all domains appear in whois, and that you can't remove a domain itself from whois. My sup can't remove it from whois. The president of MegaDomainRegistrar can't remove it. Sorry, no, I don't have a phone number for ICANN. We can hide the info, but we can't make it disappear.

But then to be fair, I can't think of an alternative system to keep the domains and websites fair and accountable. Compaining to a registrar/webhoster about a domain/site is next to useless unless it is unquestionably illegal or definately a trademark issue. Most cases get shunted to the legal department which give the unhappy complaintant a copy of the AcceptableUsePolicy and asked to submit proof of infraction (yeah, good luck). Usually it takes a dedicated lawyer to get things done in these cases. So for now, whois stays.

Domain names EXIST to make you findable (1)

Sloppy (14984) | more than 6 years ago | (#21173895)

I think this is crazy. The whole point of having a domain name, is so that people can look you up and contact you. If you don't like that some of them do contact you, or that some of them contact you for purposes other than what you intended (they send you a Viagra ad instead of a HTTP request) then get over it. Or tell people to use your IP address instead of a name, or live within someone else's domain (there isn't really anything wrong with your personal web page being at http://someisp.com/~yourname [someisp.com] ).
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...