back to article Mickey Mouse Whois ban threat sparks privacy fears

The days of pretending to be Mickey Mouse or Daffy Duck when you register a domain name could be numbered, following demands placed on ICANN by law enforcement agencies and governments. ICANN is currently locked in contract talks with its accredited domain name registrars, and expects they will agree to make the verification …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    No doubt they will insist on us putting a valid email in the WhoIS too!! Boom time for the spammers and spam filter makers!

    1. Crazy Operations Guy

      I have a dozen or so doamins wiht a real email address

      I have not seen a single piece of spam, most of these domains have been running since 2009. I have received paper spam for my domains, but nothing else, not even to my phone number I have on the website. I see a hell of a lot more spam on open-source mailing lists I have joined over the years.

    2. Franklin

      I have about 30 domains, none of which have any sort of whois privacy protection, and (except in incredibly rare situations, usually from a Chinese registrar trying to get me to register .cn domains) I don't get spam to the contact info on my domains. I get all kinds of spam to any email address I have on the sites themselves, but that's another situation.

      My domain registrar offers Whois privacy for free; there's no rreason to think that will change.

    3. Tim Bates

      Don't think we get any spam at work to the address we've used for multiple domains as tech contacts... Can't really tell - we get maybe 10 spam messages a week, which all get filtered into a spam box anyway.

      Honestly, I don't get these people who want to hide their identity when they register a domain... If it's that worrying, don't register it! Problem solved.

      1. M Gale

        If it's that worrying, don't register it!

        Exactly what I thought when the Lords Fuckwit (sorry, I meant ICANN) decided to post everyone's personal information online via the WHOIS records after removing the ability to go "ex directory" for us ordinary plebs.

        I now own no .com domain names. The search engine spammers can have them. Vote with your wallet and tell ICANN to piss off. Plenty of other registrars in the world and ".com" has less cachet now than it used to.

  2. Anonymous Coward
    Anonymous Coward

    Gonna cost more than it'll deliver.

    The basic problem, as always, is that if you really want to, there are always ways around it. So all this does is throw up a bit of a barrier that's easily overcome, given the right registrar and the right amount of money. It's also easily done in such a way as to be undetectable unless and until government comes a'knocking. And in some places that just won't happen.

    So it forces another "you have nothing to hide, have you, eh?" on everybody, costing a lot, losing a lot of custom, and not actually improving the situation all that much.

    It is going to cause more problems than merely screwing the innocents: Enforcing this will be up to the US govt, which it will this way or that way, thus proving that it is in fact meddling with ICANN, thus alienating the 190-or-so other countries on the globe that much more. It also shows just how much that vanityTLD programme will have the effect of even more Americanizing the internet, even if indirectly.

    So in all, both together come out as another land grab. Given how completely devoid of humor and utterly owned by corporate interests they are, well, you can easily see how that'll play out. If you want dystopia, this is a good path to walk down. So much for ICANN's independence.

  3. toadwarrior

    why not be private by default?

    I have no problem giving the domain company my info. I do have an issue with any spaz-tard on the net looking up my info to do something stupid so why not hide the info and only show it to people with a valid reason to see it?

    1. Anonymous Coward
      Anonymous Coward

      This isn't about just giving your name and address.

      Though I personally would prefer to keep the address part, and possibly the name, private. All that's needed is a reliable email contact and a phone contact for the out-of-band immediate action cases, maybe a fax for that reliable delivery of email-like notes when email is out.

      That is all whois was ment for. It was not ment as a law enforcement database, which is what the LE goons are evidently after. What this is going to mean, then, is copies of passports with pictures and SSNs/person numbers and a whole bunch of info the registrar has no business keeping.

      And that, that is bad. As should be obvious to regular readers by now.

  4. BristolBachelor Gold badge
    Big Brother

    Thin end of the wedge?

    Firstly I agree that this is unlikely to make any difference to anything of benefit (those doing dodgy things will still cover their tracks).

    Worryingly though, is where does it end? Maybe next year you need to prove your ID for an email address? (A license to use the internet perhaps?). Maybe a few years later, you need to put your electronic "internet license card" into the slot in the computer before you can connect to the internet. Plus all your doings will be logged to ensure that you didn't do anything wrong?

    1. Anonymous Coward
      Anonymous Coward

      Where does it end

      It will end with parallel name resolution systems springing up (like TOR already has for example) for the folk that care, and everyone else that doesn't care pushed evermore exclusively onto private networks such as Facebook and Google.

      Depressing. :-/

    2. Studley

      "A license to use the internet?"

      That sounds BRILLIANT. I'd gladly pay for an alternate internet which requires an IQ test to gain entry. The alt-net wouldn't need to worry itself about celebrity gossip, and journalists would be forced to source actual quotes for their articles, rather than just reporting on what celebs are tweeting (BBC/Sky are the biggest guilty parties here).

  5. Aaron Em

    I can't believe you people

    "Hey, remember when we asked you to swear you weren't lying about your whois info, or else pay a little extra to proxy it? Yeah, we're going to start checking to make sure, 'cuz it turns out -- who knew? -- that the honor system doesn't work all that well on the Internet. Shocking, I know."

    Honestly -- in what sort of mind does this equate to "HERE COMES THE GESTAPO TO MURDER THE INTERNET!!1!"? Or is this just some kind of knee-jerk moron reflex which seems only to belong to people too ignorant to understand what concepts like 'sovereignty' mean?

    1. Anonymous Coward
      Anonymous Coward

      Please do recall...

      ... that the US govt has repeatedly claimed to promise not to meddle with ICANN, honest. Turning the whois --administrative, not LE-- database into another "checked and verified" LE-grade database, and one that's public to boot, is exactly the sort of thing that would fall under such a promise. So the promise was false, as expected. It's gonna cost everyone, it won't help as the people who really want to can still subvert it left and right, it means you have to hand over and "prove" more data to third parties with unknown other parties also having access; rather nasty privacy problems, that, and it shows just how credible and ICANN claims really are.

      The problem with 'sovereignty' is that this approach rides roughshod over the entire internet-connected planet. We really should take the DNS root and maybe a couple other things and put it under its own sovereign council or something, exactly so that the USoA or any other government cannot just go out and lay down their whim as law on the entire world. That's no cooperation, and cooperation is what made the entire thing possible in the first place. Yes, it bloody well does touch on the very roots of the internet's raison d'être, thank you.

      1. Aaron Em

        What do you mean to do about it?

        That's really the essential question here. You want the Internet to be a nation of its own? (Yes, you do, whether you realize it or not. What else do you imagine a 'sovereign council' to be?) So what's your plan for making that happen? Do you have one? Does anyone?

        Strange. All I can hear is crickets...

        1. Anonymous Coward
          Anonymous Coward

          "Strange. All I can hear is crickets..."

          Funny. 'cause all I can hear is bullshit.

          1. Aaron Em

            How droll

            Did you have an argument to make, or do you always find yourself relying on scatologisms when you can't muster something resembling wit?

          2. Fatman

            RE: Funny. 'cause all I can hear is bullshit.

            Thank God, we have yet to be able to send the sense of smell thru the intertubes.

        2. Anonymous Coward
          Anonymous Coward

          You're not listening very well then.

          I do realise what it means, yes, thank you kindly for asking. Right now the US acts as if all the non-ccTLDs (as well as its .us ccTLD) are under its jurisdiction; despite explicit promises not to do so. This is historical but should be fixed, exactly because so much of the users of those non-ccTLDs aren't under their jurisdiction and where they are, shouldn't be. The fix to that would be to take it all out of theirs and put it back where it belongs through, say, "domain extradiction treaties".

          Meaning that somebody doing things that are illegal under their country's laws using a .com could easily be made to answer for that, by his own country. They would request extradition of the domain under a globally-agreed-upon protocol and treaty with that internet council "country", with all the legal niceties catered for. That's quite different from Europeans having their domains pre-emptively seized because some judge in Kentucky agreed to dislike what they're doing. The point is to have a neutral "country" do all this, putting all countries on an equal footing and resolving a lot of ambiguity.

          The alternative is to remove all the non-ccTLDs, or at least move them wholesale under .us, just to make clear who has rightful jurisdiction. If strict country-bound jurisdiction is what you want, you can have it, but at least be honest about it. Or we can keep the current situation and watch the US slowly drive the rest of the world into balkanisation.

          Oh, and your assumption that everyone but you naturally doesn't understand is getting a little tiring. Here, have a cricket.

      2. Mike Flugennock

        And, also please do recall...

        "Please do recall ... that the US govt has repeatedly claimed to promise not to meddle with ICANN, honest. Turning the whois --administrative, not LE-- database into another "checked and verified" LE-grade database, and one that's public to boot, is exactly the sort of thing that would fall under such a promise..."

        Please also recall that the US Govt has shown itself, over the past twenty or thirty years, to be one of the most duplicitous, underhanded, devious, and flat-out skeezy-assed governments on the planet. I've learned from experience that whenever the US Govt makes such claims or promises, it's time to LOOK THE FUCK OUT.

        1. PJF
          Thumb Up

          and being from US of A(holes)

    2. Mike Flugennock


      "Honestly -- in what sort of mind does this equate to "HERE COMES THE GESTAPO TO MURDER THE INTERNET!!1!"?"

      Well, I wouldn't use language that's quite so "hype", but, yeah, I think this equates to the further encroachment of a surveillance state based on my observations of corporations and governments in collusion for the past twenty years or so.

      Yeah, that's right, twenty years -- at least. This shit didn't start on NineEleven™.

    3. This post has been deleted by its author

  6. batfastad

    Maybe people would be more tempted to enter correct personal info if it wasn't available to the entire world through whois! If whois just returned the creation/updated/expiry dates, the nameservers and the domain status, then I think you'd see alot more people willing to enter their actual information with the registry.

    Or just have people enter their contact info directly at the registry like Nominet (although it's disgraceful the way they charge an admin fee for name changes/transfers).

    I suppose this would mean that registrars would be no longer permitted to sell services which hide your contact details and give you an e-mail forwarder.

    Would this also apply to people who pay for their own new sponsored TLDs? Or could you operate .flange and not require this address validation for customers who wanted to register a .flange name?

  7. El Presidente

    Let the 'tards have anonymous places ..

    On the web. Somewhere to get their spazz on ...

    Like FacePlace and GoogleMySpuh+ etc.

    Anyone doing business online should have a proper *real life* contact address.

    The relevant authorities should enforce existing legislation rather than introduce a new set of rules they are not going to police.

    See Leveson et al.

    1. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    Beware the crazy ones then.

    I used to know a person online, a bit of a dangerous person. He was one of those political-fanatic types. They come from all positions, but this particular one was from what would be called the conservative side on the American scale. He considered it his patriotic duty, even his God-given duty, to fight the evil liberals and purge the internet of their corrupting influence. This went so far as him once setting up a blog in the name of a liberal opponent of his, claiming to be them, and posting a a series of articles in support of child pornography.

    The internet is full of extremists like that. If you have a domain name and have to reveal your name... well, you'd better never say anything political in nature, or religious, or even in support or opposition of a football team. Because if you do then, somewhere out there, is a person who takes it so seriously that they will stop at nothing to destroy you for such blasphemy - and who considers it fair play to send threatening calls to your family, email your neighbours anonymous tips that you are a convicted sex offender and contact your employer claiming you used to work for them and were fired for stealing from the petty cash.

    1. Aaron Em

      It's called a proxy registrar

      And, pace the twelve-year-old dipshits upthread, no one's saying that proxy registrations will no longer be allowed. The info in your whois doesn't need to be your real name & home address et cetera; it just needs to be a real address for somebody who can answer for your domain, whether that's you or Domains By Proxy or whoever. This has always been true; the only thing that's changing is that it will now be enforced actively by registrars instead of just waiting for a complaint to come in before they check it out. Yet somehow the whole fucking world is ending, I guess? I mean, far be it from me to tell people they ought to hold their water for long enough to make sure they know what they're reacting to, before they break out the Chicken Little Fawkes masks and start screaming about how Cory Doctorow was right all along.

      1. Anonymous Coward
        Anonymous Coward

        On the one hand that there's a 'rule' that you have to put the correct details in; on the other hand the same people are offering a paid-for anonymity if you don't fancy (and who does?) having your name, address, email and phone numbers publicly visible. There are billions of people on the internet and not all of them have your best interests at heart.

        Simpler just to lie on the form. Better, in fact, because you know your personal data isn't going to be sold on by the registrar. If they don't have it they can't misuse/lose/sell/whatever it.

        Maybe for businesses it's different and they probably have a PO box anyway; but it's different for individuals who work from and live in the one building.

        1. Aaron Em

          If you trust your registrar that little

          then why are you doing business with them? (And does anyone honestly care any more whether their contact info's onsold as part of a marketing list? So you get a little more junk mail, so what? Not like you don't get enough already, and it's not like anyone who actually cares doesn't already know your shoe size and how long your dick is, anyway.)

          Again, nobody says you have to put your own home info in the whois record -- it just has to be able to get to you somehow. That's how proxy registrars work -- if they get mail with your account number on it, they send it on to you in another envelope. (Works just the same for postal and electronic mail, for that matter.)

          So if you're all that worried about it, and for some reason you don't want to use a proxy registrar, then why don't you just get a PO box and go on with your life? I mean, you're already paying for the domain registration and, unless of course you're just buying the name for the hell of it, whatever services you're going to host there -- what's a few more bucks a month?

          1. Anonymous Coward
            Anonymous Coward

            It's not a matter of's a simple case of minimising risk. Information can't be misused if it's not there. The contact email address is perfectly valid and is a means of contact (and there's a contact form on all my sites anyway). Phone and physical location data I consider to be both personal and belonging to me...I get to choose to whom I release it.

            All your solutions involve extra steps, risks and costs for a problem I don't have by the simple expedient of lying glibly on the form. And I don't know why you're so keen to have people publish their addresses anyway - I suspect an ulterior motive.

            For the record, I don't have nefarious purposes for any of this...I simply prefer to have as little of my arse hanging out on the web as possible.

  9. Glen 1

    I registered for dyn's secret registration service...

    and had my domain 'expired' by nominet because the whois record didnt contain what they saw as valid info...

    After too-ing and fro-ing with dyn, they refunded me, and said i can re-register, but not to select the secret registration option.

    Strangely, last i checked, dyn still offers the secret registration service with .uk domains....

    1. Aaron Em

      What does your registrar sucking

      have to do with the price of cheese?

      1. Glen 1

        my registrar didnt suck (well, only slightly)

        nominet, ie the people in charge of the TLD *already* forbid proxy registrars. Which Dyn was trying to be.

        Which is quite relevant.

    2. jonathanb Silver badge

      For .uk domains, if you register it as a non-trading individual, you can opt out of having the details made publicly available, apart from your name, so I don't see why you need a proxy registration service.

      1. Glen 1

        @ jonathanb

        i didn't know that.... It isn't an option on the Dyn dashboard.

        I logged into directly and sorted it from there.

        Thanks. :)

  10. Old Handle

    Totally ridiculous

    The idea that every internet site needs to publish its owners true name and address is an anachronism. It may have made sense when only large companies universities had websites, but now millions of ordinary people have domain names, it's an unreasonable burden at best, and puts people in danger at worst.

    So if anything, they need to relax the rules, not ramp up enforcement.

  11. Anonymous Coward
    Anonymous Coward

    Doesn't really change anything

    ICANN want's real name?

    Perp doesn't want to give his, so he goes to closest homeless shelter and gets a stand in for the price of new boots and a bottle.

    A solution that solves nothing.

  12. Alan Brown Silver badge

    The reason for the requirement of real name and address

    Has _always_ been to have an address for legal service.

    You can be as anonymous as you like if you don't have your own domain - but the moment you have a public-facing DNS entry there are some responsibilities as well as rights.

    ICANN has always contractually required that registries not allow bogus registrations be used in the first place and occasionally reminded them of this obligation, but only under pressure.

    It's only taken 10-12 years of complaints to have the contract terms enforced more rigourously...

    FWIW my experience with DNS anonymising outfits is that they're 95%+ used by spammers, scammers and kiddie fiddlers. The other 5% would mostly be horrified if they knew just who else they shared a mailbox with.

    (I hold a number of domains. The name on them is a shelf company and the address registered to them is the legal office of same - my accountant's office - you don't have to put your _home_ address on the registration.)

    1. Aaron Em


      Are you seriously suggesting that public participation involves something other than me doing everything I can to maximize my own benefit without regard for any other consideration?

      That's crazy talk.

    2. ElReg!comments!Pierre

      @ Alam Brown about stats

      >FWIW my experience with DNS anonymising outfits is that they're 95%+ used by spammers, scammers and kiddie fiddlers. The other 5% would mostly be horrified if they knew just who else they shared a mailbox with.

      1) I call complete bollocks on your stats.

      2) this is not about "DNS anonymising outfits" but about submitting bogus info to a non-anonymous DNS registrar. Entirely different.

      > (I hold a number of domains. The name on them is a shelf company and the address registered to them is the legal office of same - my accountant's office - you don't have to put your _home_ address on the registration.)

      3) Ha. So you do anonymize your DNS records by yourself, using business practices more commonly associated with organized crime, conmen and other charlatans (shell companies, strawmen etc). Therefore the rest of the world can go screw itself (they can face their "responsibilities", as long as you can still hide behind shell companies and law-protected strawmen). That's the hypocrisy button turned all the way to 11.

      1. Aaron Em

        Oh for pity's...

        1) Bald assertion will get you nowhere. Mr. Brown made clear he's speaking from his own experience, for whatever that's worth; you just say he's full of shit, without qualification. Point to Mr. Brown.

        2) Dodge, dodge, dodge. The point being made is that DNS anonymizers are largely used by people with something to hide -- I'd add, also by people who fail to realize that being on the slightly radical side of the prevailing hegemony never got anyone doorstepped before. Whether or not that's accurate is a fair question, not that you care; going by the evidence you'd much rather sling insults than argue anything of substance.

        3) Being reachable at the address in your whois record, whether that's where you actually live or not, is what criminals do? This is some kind of hypocrisy, that Mr. Brown lives up to the terms of the contract he signed with his registrar? Funny, I seem to remember from registering my own domains that that's what my registrar requires of me, too. Whether they care about enforcing the terms of that contract or not doesn't change the fact that I find them worthwhile to live up to, if only because I don't want to get a nasty surprise six months from now when GoDaddy pulls my domain registration because I haven't been doing what I agreed with them I'd do when they sold me the name. And you tell me ICANN is now requiring registrars to enforce the terms of the agreement, rather than simply trusting random Internet denizens to live up to what they said they'd do? Oh, God, it must be 2012 -- the world is ending!

        (Oh, and by the way, there's a difference between a "shelf company" and a "shell company" -- something you'd know, if you lived in the real world.)

        1. ElReg!comments!Pierre

          @ Aaron

          What kind of drivel is that?


          1) FROM MY EXPERIENCE I call bullshit on the stats. Point to me, I assume.

          2) WTF? These are 2 completely different things."experience" of "anonymizing whatsit" is claimed. I say, irrelevant here as that's not the point discussed. Now as for the point discussed, go ahead and check the whois info on a more regular basis. Even very legit domains list obviously fake contact data. I actually just went and checked some "dodgy" domains (I don't know any kiddie porn website, but I tried with scammers, websquatters and spammers). Most of them actually have a contact info that seem legit (most probably accountant or attorney offices, and shelf companies, but legit-like). Go ahead and try with your own spam folder, you'll be surprised.

          2.1) Something to hide? Haha. I was waiting for that one. Do you have curtains on your bathroom window?

          3) I don't have anything against that anonymizing one's DNS records. But using anonymizing, the-bucket-stops-there techniques (the same used by conmen, organized crime, and other scammers) to anonymize one's DNS registration, while claiming moral high ground and "responsibilities" for the rest of the world IS major hypocrisy.

          3.1) Shell vs shelf: functionnaly equivalent. Actually it could be argued that a shelf company is a subtype of shell company.

  13. ElReg!comments!Pierre

    And there come Anonymous...

    Brilliant! Now /b/ will know where to send all the pizzaz and taxis within seconds!

    Brillianter! Now PETA knows which house to egg and paint red, whose kids to bully etc!

    Brilliantest! Now the local neo-nazi group -or mexican cartel- knows who will be found half-eated by racoons in a dumpster next week!

    Once again, a measure mandated by US big business for dubious reasons*, with a lot of very bad potential consequences for -some- ordinary citizens around the world. Whatever you do, if you're not a big company, do NOT publish anything controversial on your website(s). Do not host a webforum where controversial views might be expressed. Or don't use the USA-controlled DNS system.

    * and, them being the brain-dead goons they are, they probably don't even realize that it won't actually be of any help for them.

    1. Mike Flugennock

      Brilliant, Brillianter, Brilliantest...

      "Brilliant! Now /b/ will know where to send all the pizzaz and taxis within seconds!

      Brillianter! Now PETA knows which house to egg and paint red, whose kids to bully etc!

      Brilliantest! Now the local neo-nazi group -or mexican cartel- knows who will be found half-eated by racoons in a dumpster next week!"

      Uber-Brilliantest! Now governments will know exactly where to find political dissidents and how to silence them.

      1. Aaron Em

        This is something *you* worry about?

        Unless there's two Mike Flugennocks out there, your only problem with the prevailing hegemony is that it isn't communist enough for your taste -- and you're worried about jackboots at 2am? Seriously? My God, man, it can't be easy carrying that kind of persecution complex around.

        1. This post has been deleted by its author

  14. Mike Flugennock

    a good idea, but not so good...

    Miraculously, I've received almost no spam despite my having given a valid email address to Network Solutions when I first registered my two domains about 12 years ago. I had no problem with giving them my street address as, of course, they needed to be able to send me important hard-copy info and certifications and such. Still, I hedged my bets by registering them under a pseudonym.

    Now, then... does anybody here remember about seven or eight years ago, when there was a big rash of "slamming" going on, with a bunch of skeezy outfits trying to dupe people into switching over their domain registrations by sending them advertising disguised as renewal notices and bills? There was a huge-ass stink about it in the news, especially right here in The Reg. I was pretty pissed off at the time, not just because these two-bit bastards were trying to trick me like that, but because the junk mail was addressed to my house under the pseudonyms I used to register my domains at Network Solutions. Yeah, that's right, the sunzabitches were selling my address.

    1. Anonymous Coward
      Anonymous Coward

      ...or they got pwned. Same effect, different motivations. I wouldn't put money on a guess either way though.

  15. Graham Wilson

    Seems to me it's a serious problem.

    So ICANN verifies, now what?

    Well, everyone from human rights types to criminals who don't want to be identified will eventually force the breakup of the registration process.

    Some of the registration shrapnel will, in all likelihood, end up in places outside US jurisdiction, which, to me seems to defeat its purpose.

  16. Anonymous Coward
    Anonymous Coward

    Contact Details

    I have worked (when that was what I did) for several large insurance and banking organisations. Several of them registered their domain names using 'inaccurate' contact details - equally several of them also defecated oblong roasted clay when renewal time came around and they realised that the person that was the recipient of said details had fucked off to pastures new. Great fun, and as our American cousins would say, I quite often bought popcorn, sat on a comfortable seat, and watched the ensuing panic.

  17. Herby

    All you need to do is...

    Make the lookup process "expensive" (in relative terms) AND record WHO does the lookup. Then make the data on your own WHOIS record "free".

    This eliminates much of the problems. If someone IS looking my records up, I should be able to know who is doing it, even if it is law enforcement.

    Of course, I'm dreaming, but there might be a white Christmas here in the bay area (it did snow here about 40 years ago) some day.

  18. Anonymous Coward
    Anonymous Coward

    Verify Me ?

    How are they going to verify I'm me ?

    I've never had anything in hard copy from anywhere that has registered domains for me.

    My hosts don't care who I am as long as the bill is paid.

    Why would anybody need to know that I'm a real contactable person anyway, if you have a problem with something on one of my sites you could contact the domain server, they could pass on the complaint and if they couldn't get hold of me (because my details don't match anymore, gmail has gone bankrupt etc.) then they could just pull the plug on the name.

    What is it with these people who want to make everybody else identifiable at no financial cost to themselves.

  19. Anonymous Coward
    Anonymous Coward

    Must provide a name, address, email address and phonenumber.

    Some big companies could listen to this. There are many who don't have those details on their whois info.

    Others do but their address is for domain related issues only and anything non-domainy gets ignored. Difficult when the only other way of contacting them is via their online form which requires info you may not have (like a customer number).

  20. Dave Bell

    An explicit privacy option for the WHOIS data would be a good thing. Why shouldn't law enforcement be expected to get a warrant--there's probable cause enough on any scammer website. And that would take away most of the legitimate reasons to mask the RL identity.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022