from Hacker News

WHOIS blackout period likely starting in May

by morninj on 5/15/18, 5:06 PM with 156 comments

  • by clay_the_ripper on 5/15/18, 11:30 PM

    I really wish WHOIS would go away forever. There is absolutely no point to it. If you don’t pay to get your name private, you get SPAMMED to such an incredible degree, it’s absolutely awful. Literally 10+ calls a day, emails voicemails. So you have to buy the “privacy protection” thing, which defeats the whole purpose anyway. All WHOIS does is create an industry of people selling privacy to WHOIS. This whole narrative about “journalism” and it being used for research sounds like nonsense to me. Something tells me these people have a vested financial interest in this. Would love to hear an alternate point of view on this.

  • by kbar13 on 5/15/18, 6:05 PM

    domain registration data is in a weird place for the modern internet. I can see the value of having a real registry when it was first developed, but now it seems like a pretty easy way for people to shoot themselves in the foot with regards to privacy. Also, some registrars charge a premium for WHOIS privacy. It should not cost extra to have your legal name and address to be hidden from the entirety of the internet.

  • by phit_ on 5/15/18, 6:11 PM

    thank god, tired of paying extra for "whois privacy" that various registers offer

    running a hobby project should not require you to share your private contact details with the world

  • by robalfonso on 5/15/18, 6:14 PM

    In the short term WHOIS is going to be limited to just the registrant organization, state, country and a masked email address (Admin and Technical fields will be removed save email). This is short term to come into compliance with GDPR.

    Long term ICANN intends to create a privileged group (other registrars, law enforcement, etc) Who will be able to get to the full whois data. So a sort of tiered system. Expect this to take a minimum of a year. The ICANN multi stake holder model means nothing happens fast.

  • by holstvoogd on 5/16/18, 12:50 PM

    ICANN is scrambling to be compliant they write... We've all had 2 years notice since the GPDR has been adopted! And if you 'didnt know', you have bigger organizational problems.

    I understand it is a lot of annoying work, but adtech and data brokers (etc etc) have been gutting privacy and the internet for long enough. We've let it come this far, now we get regulated.

    (disclaimer: I only started working on compliance this year, do as I say, not as I do ;))

  • by becauseiam on 5/15/18, 6:22 PM

    The WHOIS blackout has already started, I recently registered a domain with a non-European ccTLD, but with Gandi for the registrar. The WHOIS reads:

       Administrative Contact:
      Not displayed due to GDPR

  • by walrus01 on 5/15/18, 9:59 PM

    there is another type of whois that people don't ordinarily interact with, but is essential for the correct operation of the internet...

    ARIN, RIPE, APNIC and AFRINIC run whois databases for IP space. Network operators use them to find who controls chunks of v4 space (ranging from the globally-minimum-announceable /24 to /12). ISPs can use tools like SWIP to point the whois for a block of space in use by a customer to that customer's whois info.

    I sincerely hope that this doesn't become more difficult to use, because it will make basic network diagnostics at a WAN scale much more annoying.

    The good news is that the typical ISP-level info in IP space whois databases doesn't fall under the GPDR, since most are role accounts (abuse@ispname.com , noc@ispname.com, etc). Also generic phone numbers for NOC and network engineering groups. However, a lot of ISPs do currently have individual persons listed as points of contact in their whois entries.

  • by pferde on 5/16/18, 8:44 AM

    I'm just wondering why ICANN is "scrambling to get it GDPR-compliant" just now, at the eleventh hour. They had just as much time as rest of the world to do it sooner, without any interim modes, and without any rush and all the problems that can come from hastiness.

  • by 7ewis on 5/15/18, 8:43 PM

    Noticed this the other day, my own domain is already blacked out.

    I used to put fake info there anyway, I don't want my domain linked to my home address, or provide an easy way for spammers to get my email.

  • by alerighi on 5/16/18, 12:59 PM

    Having a public register that tells you who owns a particular domain or IP address could be useful for a lot of things. Sure, they could take away a lot of fields that are not necessary and might be a privacy problem, like address and phone number, today it's useless, and maybe instead add a GPG public key, so much useful, and keep name and email address.

    But don't remove it, it's a useful thing I use a lot, most of the times for security purpose, you see a suspicious IP address or domain while observing a packet capture, WHOIS tells you who owns it, you find in a log an IP address that tries to bruteforce into your server, WHOIS tells you who it is and gives you an address to contact and ask explanations, you need to find a person to contact if you have a problem with a website, contact the email address in the WHOIS record of the domain, you are sure that you are contacting the right person, even if the site gets hacked in the worst way the WHOIS record can't change.

  • by lima on 5/15/18, 8:04 PM

    I work for a popular hosting company and WHOIS data is causing constants issues - mostly for non-technical customers, but on one occasion, I accidentally used my work mail address during testing. The WHOIS database for, say, the .net zone is extensively mined by spammers and telemarketers.

    I received a torrent of marketing mails for months even though I immediately changed it to a noreply mail address. We receive numerous complaints from customers who ignored our warnings.

  • by lumberingjack on 5/17/18, 12:28 AM

    Back in 2002 teenager me used WHOIS to lookup my ISP's (adelphia) phone number. Some guy picked up the phone in their server room no shit. He answers the phone like it's a internal only line "server room Jim here how can I help?" Me: "ya um I have a problem with my SMTP port can you help out?" Net Admin "How did you get this number! but ya I can help kid"

  • by chx on 5/15/18, 10:38 PM

    My quick and dirty three step scam website detecting process https://travel.stackexchange.com/a/84026/4188 obviously includes whois but -- I think I will make do without. It's only a little harder, to be frank.

  • by mirimir on 5/16/18, 2:44 AM

    So will firms like https://www.domaintools.com/ need to redact their whois history data? They're in Seattle, for whatever that's worth.

  • by atesti on 5/15/18, 6:54 PM

    Does this also apply to RIPE for the whois of an IP address?

  • by NoSalt on 5/15/18, 8:08 PM

    I'm good with this. I don't like the fact that some yahoo can look me up and come after me just because he might not like what is on my website.

  • by techsin101 on 5/15/18, 10:58 PM

    whois guard is a joke so i welcome this

  • by jiveturkey on 5/15/18, 9:59 PM

    good.

    -grumpycat

  • by oliwarner on 5/15/18, 10:46 PM

    I don't understand the problem. When buying a domain you do so in ICANN's jurisdiction, under their terms. Actively and voluntarily forfeiting your right to privacy should trump statutory privacy.

    And if that isn't enough, ICANN can fix this without compromise. One mass email. "Respond expressly allowing us to publish your PII, or lose your domain."

  • by MR4D on 5/16/18, 2:18 AM

    This is stupid.

    What happens next - do patents and copyrights have owner’s right to be forgotten?

    If so, then who do you sue for stealing your copyright?

    The intent is good - let me be clear about that. But the implementation is having second order affects that are going to f* with things in a big way because it wasn’t thought through as thoroughly as it should have been. *

    * Key thought here is that it might be extremely difficult to think through all the second order effects, which suggests to me that a better phase in process should have been implemented.

    EDIT - Not sure why this is being voted down. If i’m Not clear here, then please see my follow-on comment for (hopefully) a more clear view of my position. I’m not saying Whois is stupid - I’m saying GDPR is (due to the lack of thinking around second-order effects).