On 03/25/2017 06:36 AM, Michael Orlitzky wrote:
On 03/24/2017 09:44 PM, John Levine wrote:
Sure, but the arguments we're seeing at ICANN are way beyond
reasonable.  Everyone thinks it's important to protect the personal
information of people, but most domains are not registered by people.
That's a self-fulfilling prophecy. How many of those are registered by
people who didn't want their home address publicly listed?
Agreed, data is needed here to make intelligent decisions.

How many people are spammed from having their email address listed?
Wrong question. :)  "How many spams do people receive where their e-mail 
address was retrieved from whois?" is the right question. The answer to 
the first is 100%, but that's not meaningful. I use a different e-mail 
address on my whois contacts on purpose for just this reason. I get 
10-20 messages a day flagged by spamassassin, and about half that which 
SA misses for some reason. Easily 99.9% of those are to my e-mail 
addresses which are publicly available on the Internet. I get a handful 
a month to my whois contact address. (And less than that to my PGP key 
spamtrap addresses, for what that's worth.)
The spammers themselves have said that trolling whois for addresses is 
not valuable to them because they can get so many more addresses so much 
cheaper from other sources. Spam researchers have repeatedly validated 
this.
When it comes to privacy I'm much more concerned about the most 
vulnerable folks not being required to publish their residential address 
and personal phone number in whois. Those actually can be serious 
threats, up to and including physical harm for some.
How many get scammed by the domain-renewal scumbags?
A lot? Probably? But that's part of being a domain holder. IMO the 
registrars should be doing a better job of educating the users.
How many people have
been harassed at home for something they wrote on a blog? Has anyone
been killed?
There are numerous examples of the first, I'm not aware of any examples 
of the second, but it's only a matter of time.
I'm in favor of privacy being an optional feature, as it is now, where 
registrars (or the privacy-providing party) take on a legal obligation 
to pass all communications to the registrant within 24 hours. Most folks 
don't need that, but the ones who do need it should have it.
Can someone
list the ways that the WHOIS data is used for good?
Sure. :)  I work with companies all the time who are interested in 
procuring domain names for new projects, campaigns, etc.; and want to 
know who's already registered what, where.
I also work with companies that want to take action against bad actors 
who are using "confusingly similar" domains to spread malware, porn, 
etc. (Usually ending in a UDRP case)
And to John's objection to privacy for companies in another message, 
your outlook is unrealistic. It's often very important to secure names 
in advance for a project that hasn't been publicly announced (because 
once it's announced the speculators will swoop in). Not being able to 
mask ownership information for these domains, prior to the announcement, 
would be a serious business risk, and serve to stifle innovation around 
domain names.
hope this helps,

Doug


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to