Facebook accused of trying to bypass GDPR, slurp domain owners' personal Whois info via an obscure process

Facebook is accused of attempting to bypass Europe's hard-line privacy legislation and access personal data on domain name holders through an obscure policy process with the Whois registry. Earlier this month, the CEO of domain registrar Namecheap Richard Kirkendall warned “Facebook is fighting for the blanket right to access …

  1. Captain Hogwash Silver badge

    Outrageous

    Sadly, if I were to try and explain this to the facebook users I know, they would collapse with boredom long before I finished explaining what a domain is.

    1. hoola Bronze badge

      Re: Outrageous

      Exactly, Facebook, the Zuck and everything they stand for are utter scum. They will do absolutely anything to hoover up as much data as possible so they can make money. It is a cultural issue and they simply believe they are immune from any sort of regulation.

  2. b0llchit
    Unhappy

    What do you think it is about

    Of course it is about private and personal data. There is only one reason why the asocial media exist and that is for monetizing your data. That is their livelihood. Anything else is a smokescreen to get more information. All those "free" services are there to entice you to give up more information.

    Facebook is just one example of that business. The other "big" ones do the same thing. However, no one should forget, there are far more smaller players with equally or more aggressive methods to get your data. And then, the big ones are also in bed with those smaller ones. The only safe data is the data that has not been disclosed.

    1. Drew Scriver Silver badge

      Re: What do you think it is about

      Years ago I was in a meeting where a sales rep from Gigya painted an interesting scenario. It went something like this.

      Imagine you're in the car with three friends. It's hot and you're getting hungry. There's a McDonald's coming up and you pull into the drive-thru lane. You're greeted by name and you're told your order is ready - for all four of you. It's exactly what everyone would have ordered...

      The system would know who was in the car (based on mobile devices), how far they'd traveled, when they had last eaten, what they had eaten, how much longer they had to drive, what the weather was like, what everyone liked and disliked, what everyone would order based on the weather, past patterns, habits, the destination, the group they were with, and so forth.

      According to the sales rep, the only reason McDonald's wasn't doing this yet was because it would be disconcerting to many people. But the technology already existed - and that was more than five years ago.

      1. Zippy´s Sausage Factory
        Devil

        Re: What do you think it is about

        The key words there are "sales rep". In other words, someone whose very function is to sell you things that may or may not exist.

        I remember, years ago, several of us being given an urgent project to do - drop everything, including all maintenance, customer service, etc. Why? Because the boss - a former salesman - had sold that we'd already developed this software in house and it was ready to roll out. It was a big enough order to bet the entire company on.

        Six months later, of course, this pipe dream of a monster piece of software still wasn't even close to ready, and the company went bust.

        1. Drew Scriver Silver badge

          Re: What do you think it is about

          While I share your experiences regarding sales reps selling non-existing features, I have seen enough to assume that this particular rep was right about how much can be deduced from all the aggregated data.

          The data is there, the tech is there, the incentive is there. Motive, means, and opportunity.

          Occasionally we get to see a glimpse of how much 'they' know - usually when authorities use it to solve a crime.

          One of the axioms in the (marketing) industry is that they (or at least their systems) know you better than you yourself do. Unfortunately, they're right.

        2. Alan Brown Silver badge

          Re: What do you think it is about

          " Why? Because the boss - a former salesman - had sold that we'd already developed this software in house and it was ready to roll out. It was a big enough order to bet the entire company on."

          That's the point at which you update your CV and leave - because he bet YOUR future and sure as hell wasn't planning to share any of the results with you.

          less stressful and your bank account is more likely to be better off.

          1. Zippy´s Sausage Factory

            Re: What do you think it is about

            > That's the point at which you update your CV and leave

            This would, I agree, have been the sensible option. Hindsight is all well and good, but I was young and naive...

      2. Anonymous Coward

        Re: What do you think it is about

        yet another reason to avoid the place where they serve what they laughingly call food.

        Don't even get me started on the waste disposal habits of their customers.

        As for Facebook, I'd close them down in a flash if I had the power. Google is just as bad.

        1. Anonymous Coward

          Re: What do you think it is about

          McDonalds food in America is made from different stuff to their UK food.

          "The US fries have 14 ingredients, while the UK fries are restricted to potatoes, two kinds of oil, and (sometimes) dextrose. Notably absent from the UK fries is methylpolysiloxane, a commonly used anti-foaming agent that's also an ingredient used to make Silly Putty." - More: https://boingboing.net/2015/01/22/usa-mcdonalds-fries-have-14.html

          I'm sure that will change now we've left the pesky EU. Now we can have that authentic American chemical taste!

          1. Toni the terrible
            Unhappy

            Re: What do you think it is about

            and yet.... many, including I, go back every now and then, even though the McMeal doesn't taste that good. Addictive additives perhaps, or early onset A. Even though I have had burgers that had patties which were cold or like leather, fries that were also cold and buns that fell apart also their burgers never match up to ones I do myself. Why do I still feel the need for a McD from time to time? although I manfully suppress it most times

      3. IceC0ld Silver badge

        Re: What do you think it is about

        WOW, and I AM aware of the power of the tech that already exists, and also how 'easy' it will be to operate it as offered by Drew Scriver, and I am STILL told by people that what data any Co can get is next to nothing, and that they are welcome to use it, and that I am just fear mongering FFS :o(

        the future really IS going to be an Us and Them scenario, and NONE of us are going to be able to escape it, and I will bet the farm that even then, the people who spout this shit to me about it is nothing, will STILL believe it, even when they DO start to arrive, out of the blue to a fast food service point, and their orders ARE waiting for them .................

        it all started to click with me when it was revealed just how much FB are able to determine to a high degree of precision on your thoughts regarding many things ONLY based on what you have LIKED on FB FFS

        still, there has to be room for play in the system, as I intend to ask for turdburgers, and post online about them too. then see just WTF I actually do get when I eventually arrive for my dinner LOL

        1. jelabarre59 Silver badge

          Re: What do you think it is about

          > still, there has to be room for play in the system, as I intend to ask for turdburgers, and post online about them too. then see just WTF I actually do get when I eventually arrive for my dinner LOL

          Well, if you're going to McDonalds, that's what you'd be getting anyway (although I would say that the one-and-only time I went to a White Castle, they looked and tasted like pressed sludge dredged out of the Hudson River).

          1. Lomax
            Thumb Up

            Re: What do you think it is about

            > I intend to ask for turdburgers

            > they looked and tasted like pressed sludge dredged out of the Hudson River

            I think The Yes Men are on to something:

            https://www.youtube.com/watch?v=ZP_nNemsNT8

      4. Anonymous Coward

        Re: What do you think it is about

        > It's exactly what everyone would have ordered...

        And if you wanted something different, then they'll refuse to believe you and it's "Too Bad, this is what you've got".

        Meanwhile, they'll encourage your friends to peer pressure you into accepting their pre-chosen meal, just to not make a scene.

        1. LoPath
          Thumb Down

          Re: What do you think it is about

          The first time I went to a Jimmy John's (sandwich shop), I went through the drive thru. On their menu, they have several sandwiches listed including toppings. Some of the toppings I didn't care for, such as brussel sprouts. I had the audacity to request a sandwich without the authorized toppings. I could hear in the order taker's voice that this was an extremely unusual request. In the end, didn't care much for the sandwich and never went back.

        2. Alan Brown Silver badge

          Re: What do you think it is about

          "And if you wanted something different, then they'll refuse to believe you "

          Something almost but not quite completely unlike tea?

      5. You aint sin me, roit Silver badge
        Pint

        Re: What do you think it is about

        That's the kind of service I get when I go to my local... pint on the bar waiting for me by the time I get there.

        Sometimes it does make me wonder if I'm too predictable.

        But then these days the limit of my ambition is to be the grumpy old man who has his own chair at the end of the bar...

        1. Anonymous Coward

          Re: What do you think it is about

          > Sometimes it does make me wonder if I'm too predictable.

          Possibly. It also means your barkeep is a good sort who has been paying attention to the regulars.

          Sounds like quite a good place.

      6. RobDog

        Re: What do you think it is about

        Back in 2011 I visited an expo by a large well known storage company in Las Vegas and it was the first they were bandying around the term Big Data and where it lives.

        In one of the keynotes, the guy told of a project where HR depts had started trawling your socials to get a flavour of what kind of person you were, and then also of a project where vending machines in Japan called out to you by name, offering you tempting treats, based on your purchasing history and the fact it had recognised your device details as you strolled by.

    2. oiseau Silver badge
      Facepalm

      Re: What do you think it is about

      "All those 'free' services ...

      Indeed ...

      Because if the service is free, it's just that you are the product.

      But people out there (99.99% of them) think all this crap is so cool and convenient.

      No one understands what it is all about and I fear it is already too late.

      We are doomed.

      O.

      1. ecofeco Silver badge

        Re: What do you think it is about

        Try telling that to the gadget fanbois and be ready to duck.

        They have no clue.

      2. Palpy

        Re: Because if the service is free YOU are the product --

        -- but not always so.

        https://www.xeno-canto.org/, user-contributed database of birdsong, worldwide. Free information service, supported by a foundation.

        https://manjaro.org/, Manjaro Linux. Well, we all know that Linux is a socialistical plot (</joke>) but, nonetheless, Manjaro is a free, stringless service.

        https://forecast.weather.gov/MapClick.php?lat=36.4571&lon=-116.8662#.XvJkhc-YU3w, NOAA forecast page for Furnace Creek, California, USA. Government agency, therefore tax-supported, but a free service whether you pay taxes or no.

        I completely agree that Facebook, Google, Microsoft, Apple, Zoom, and hundreds of other playahs big and tiny offer craptastic "services" with the sole aim of scraping as much personal data, by means fair and foul, as it is possible for such info-pirates to seize.

        But let's offer a small hand-wave to the many websites which actually do give users value, and do not suck their brains out. (Was it in Starship Troopers that a gigantic squishy bug literally sucked the brains out of one of the human protagonists? Now, that's what to visualize when you read the name "Mark Zuckerberg".)

        1. Intractable Potsherd Silver badge

          Re: Because if the service is free YOU are the product --

          @Palpy: the bugs from "Starship Troopers" are exactly what I think of when I think of Zuckerberg and Facebook! I have done for quite a while now.

          1. FlamingDeath

            Re: Because if the service is free YOU are the product --

            Starship Troopers

            “They’ve sucked his brains out!”

      3. Drew Scriver Silver badge

        Re: What do you think it is about

        It's been like that forever.

        Try explaining to people that commercial television is NOT about showing entertainment, but that their main goal is to show commercials.

        People believe that the programming is interrupted by commercials, when in fact it's the other way around.

        Oh - and people complain about the commercials. A lot. But yet it doesn't compel many of them to stop watching...

        Having grown up in Europe (where it was illegal to interrupt programs for commercials) I was fascinated to find out that a show that lasted 25-35 minutes would take 45-60 minutes to watch in the USA...

        1. John Brown (no body) Silver badge

          Re: What do you think it is about

          "Try explaining to people that commercial television is NOT about showing entertainment, but that their main goal is to show commercials."

          It's not quite that black and white. They have to show enough "good" entertainment to attract enough eyeballs that they can sell the adverts. Having said that, there is clearly a subset of humanity who are happy to sit and watch adverts all day, hence the various shopping channels.

        2. DiViDeD Silver badge

          Re: What do you think it is about

          > show that lasted 25-35 minutes would take 45-60 minutes to watch in the USA

          Not just the US. Coming from the UK, I'm used to the ad break in the middle of a 30 minute programme (2 if it's an hour), but here in Arsetrailer, they can squeeze FOUR (or more) ads into a 25 minute show.

          Our commercial stations manage, with ad breaks, sports updates, news updates and "You should watch This!" breaks to stretch a 90 minute movie out to 3 hours or more.

  3. DavCrav Silver badge

    "“You don’t know who to sue until you’ve got the Whois information,” claimed Facebook rep Margie Millam at one such recent meeting. “So it’s backwards to say you have to have a lawsuit and you have to use your subpoena power under the lawsuit to get access to Whois.”"

    Yeah, except that's bollocks. It's exactly the route copyright holders usually go. Name a John Doe, subpoena the ISP to obtain the name with some evidence of infringement, then launch a suit against the person.

    1. cipnt

      Why bother to sue when you can use the UDRP which is a lot cheaper (about $1,500 per claim and can include multiple domains) and it's a lot quicker too (takes about a month from start to finish)?

      By having access to the personal data Facebook can just threaten people with a lawsuit which in some cases will be scary enough for the registrant to hand over the domain. All this at zero cost to Facebook.

      And the examples given by Tucows show that Facebook is probably automating these requests and that legitimate domains could be impacted by this

      1. James 139

        "Why bother to sue when you can use the UDRP which is a lot cheaper (about $1,500 per claim and can include multiple domains) and it's a lot quicker too (takes about a month from start to finish)?"

        Because they gain nothing financially nor is it as intimidating, it costs the defender a lot less too, so they might actually be able to fight it and not run at the mention of litigation.

        But isn't the normal list of procedures as follows?

        - Hosting provider take down request

        - UDRP request

        - Done.

      2. John Brown (no body) Silver badge

        "And the examples given by Tucows show that Facebook is probably automating these requests and that legitimate domains could be impacted by this"

        As with other automated takedown requests, when does the number of false positives turn the suer into a vexatious litigant?

    2. Mike the FlyingRat
      Boffin

      @DavCrav

      You are absolutely correct.

      It's an extra step and it requires that Facebook show that there was harm before they get the subpoena. That is that they have to go to court to open a case, alleging harm, then if a judge agrees, it can issue a subpoena which the ISP or in this case registrar can either hand the information over or fight it.

      Facebook will lose these lawsuits.

      The irony which may be lost on many...

      Facebook and other companies claim to be a platform only and thus exempt from lawsuits over content. The registrar however is acting in that capacity and Facebook wants them to hand over information that they should go to courts to get. (Claiming that they should be held liable for their customers.)

      Of the examples... none would be a trademark infringement. (e.g. facebooksux.org isn't a TM violation.)

  4. Chris G Silver badge

    "We don't know who to sue"

    Then it is fairly obvious they are not having an impact on Faecebarf.

    Zuckerbarf and all those who support him should be renditioned to the bottom of a deep, dark hole on a remote airless planet.

    1. not.known@this.address Silver badge
      Alien

      Re: "We don't know who to sue"

      This sort of thing is why alien life would never willingly contact humans - not content with polluting our own planet, we are now trying to export some of the worst excrement in existence...

  5. Anonymous Coward

    Zuck off

  6. heyrick Silver badge

    That’s not the answer that’s going to work for us.

    Having industrial data monetisers rummage around domain registration data is just not an answer that is going to work for me.

    1. Drew Scriver Silver badge

      Re: That’s not the answer that’s going to work for us.

      This isn't about you. The answer has proven to work just fine for the vast majority - and that's good enough for Facebook.

      The people who really care about it already don't have a Facebook account, and they probably never will.

      1. Glen 1 Silver badge

        Re: That’s not the answer that’s going to work for us.

        "don't have a Facebook account,"

        What has that got to do with hoovering (Dysoning? Electroluxing?) WHOIS data?

        If you own a domain, then it *is* about you. Regardless of if you have a FB account.

        1. Drew Scriver Silver badge

          Re: That’s not the answer that’s going to work for us.

          Hmmm.... good point.

          I'm afraid I read the article while trying to pay attention in a Zoom meeting. Looks like the meeting won.

          I'd down-vote my own comment if I could, but El Reg won't let me...

          1. Mike the FlyingRat
            Facepalm

            Re: That’s not the answer that’s going to work for us.

            You could always delete it.

  7. myhandler

    faecesbook.net is available for only $7

  8. Anonymous Coward

    I'm going to sue....

    Facebook lodged a lawsuit and wrote a blog post attacking the registrar for allowing people to register “deceptive” and “abusive” domain names.

    Domain Name: FACEBOOK.COM, Registrar WHOIS Server: whois.registrarsafe.com, Registrar URL: http://www.registrarsafe.com

    It appears that Registrarsafe are allowing people to register deceptive and abusive domain names such as 'facebook.com' so I think it's time I called my lawyer.

    Well, if it's good for the goose...

    1. EnviableOne Silver badge

      Re: I'm going to sue....

      anyone got xn--fb-5eb95lyaa86a0r.com yet?

  9. ratfox Silver badge
    Trollface

    "That’s not the answer that’s going to work for us."

    Sucks to have to obey the laws, doesn't it?

    1. el kabong

      Obeying the law is too much work for faecebook, what lazy bastards they are.

      Obeying the law is for losers not for them. Faecebook is above all that.

  10. SImon Hobson Silver badge
    Mushroom

    Hmm, does the US have something similar to the UK's "vexatious litigant" rulings ?

    Since it's clear that faecesborg is running an automated system to ask for details of registrants for domains that are clearly not infringing, then their litigation is clearly vexatious and the registrars really ought to go down that route. It would be wonderful to see - in the UK, AIUI if a litigant is declared by a court to be vexatious, then they are barred from further litigation without getting permission from the court first. Yes, that would be so loverly to see applied to faecesborg.

    Ah, it appears the US does have such a thing, but it appears to be a fairly high hurdle to clear.

    ICON - imagine a very large pile of manure hitting a very large fan

    1. Zippy´s Sausage Factory

      Nah, they'd just move to another jurisdiction and try their luck there.

      Cockroaches gonna cockroach.

    2. Alan Brown Silver badge

      "Hmm, does the US have something similar to the UK's "vexatious litigant" rulings ?"

      Yes and they tend to be easier to get too - what you referenced is for stuff that's actually in courts but there's another class for those who regularly use _threats_ of litigation without following through.

  11. Kabukiwookie Silver badge

    Fine them into the ground.

    1. Charles 9 Silver badge

      No good. Transnationals usually have good-enough legal teams to lawyer their way out of these kinds of things: even the dreaded "global turnover" fines (they just find ways to reduce the "global turnover" or start using degrees of separation).

      1. Doctor Syntax Silver badge

        AFAICR, given that we're now several decades and iterations into DPAs the legislators have got wise to that and have set the net wide for global turnover.

        1. Charles 9 Silver badge

          Which is why I also mentioned "degrees of separation". If legislators have gotten wise, corporate lawyers have gotten wisER in the meantime.

        2. EnviableOne Silver badge

          That would be the lovely phrase "Undertaking"

          It has already been proved by (Google Spain v AEPD and Mario Costeja González) that this would mean Alphabet in the case of a subsidiary.

          So the GDPR supposedly has a big stick, if the Lead Authority is any use, unfortunately, most of the big outfits have their for Europe in Ireland and the Irish data Protection Office is about as useful as a $notUsefulThing

  12. Anonymous Coward

    I would just limit the number of concurrent litigation queries..

    Say only 10 active queries at a time per complainant and any misfiling reduce the number allowed by 2 each time per month, it would work to limit this kind of behaviour so as to make it unprofitable for the shysters.

    Personally I would make the contact details they finally obtain those for a legal representative who they have to pay up front to communicate with thereby punishing abuse whilst still providing the legal route for legitimate actions so upfront costs of £5000 for those that afford it, returnable only if it is proven legitimate making a nice little earner for our own legal leeches.

    The US legal system has long been allowed to be abused by companies via automated malicious filings as a way to bully the innocent and until the US address this issue then they do not have my sympathy, I would be quite happy if all the other countries just ignore the US until they do as this is the only way that anything will change

  13. Brewster's Angle Grinder Silver badge
    Joke

    A bar set so low it's subterranean...

    "Its representative continues to claim that being a registered trademark holder is sufficient to be granted full access to the Whois database"

    Fortunately, I own the registered trademark for FacebookSucks™ so I will be able to Zuckerberg's registration details. And I will fund my legal defence by spamming everybody else in the whois database.

  14. Doctor Syntax Silver badge

    "Facebook has been ... filing tens of thousands of requests for data on domains .... When those requests have been rebuffed, Facebook has then sued the companies that people used to register the names"

    Could this be pushing them into vexatious litigant territory?

    1. Roland6 Silver badge

      It certainly puts them into the class litigation redress camp...

    2. Stripes the Dalmatian

      Facebook putting pressure on somebody to help them do something unlawful (under GDPR) by threatening to sue feels like it ought to be an offence in its own right.

  15. Fruit and Nutcase Silver badge
    Unhappy

    Sadly

    Years ago, I missed the opportunity to buy arsebook.com which was available at nominal cost. Meant to come back to it but never did, then when I did get back on the case a long time after, it had been scooped up by some domain name outfit

  16. mediabeing

    Humans - Initials alienate. You don't want folks alienated.

    Scrape up the good sense to TELL US what the initials you use mean.

    It's quite OCF to do RAOP. You know better.

    Time to step up and get fully readable.

    Why would you distance readers with initials?

    You have no good reason.

  17. Winkypop Silver badge
    Terminator

    Zuckerborg

    Is there anything NOT evil about this company?

  18. Anonymous Coward

    Keep WHOIS public

    WHOIS used to be public and for good reasons. Anonymity is the root of pretty much all the problems of the internet.

    Facebook is far from saintly, but the GDPR is a wrongheaded powergrab by the EU which the US should actively oppose.

    1. Intractable Potsherd Silver badge

      Re: Keep WHOIS public

      Thanks for your input, Mr Zuckerberg, but no one is listening.

    2. EnviableOne Silver badge

      Re: Keep WHOIS public

      CCPA - California Consumer Privacy Act

      Your move

  19. tonyyaman

    Facebook

    It's about time the governments took Facebook to task and sorted it out and Zucker as well getting too big for his boots

  20. Anonymous Coward

    What does former UK deputy prime minister Nick Clegg have to say on the matter? Nick's job title at FB is vice-president of global affairs and communications.

    Speaking of WHOIS the privacy angle is a two edged sword. I've got domains for sale, I'd be quite happy to have the _option_ to make contact details public so buyers could find me easily. And I don't see a problem with Ltd Companies having details made public, not hard to find anyway. But in any case my domain registrar used to offer (for a monthly fee) to hide the details - by which they meant use their own address. I did almost the same for my internet clients (but FOC).

    While we're on the subject there is very little checking of contact details anyway, I expect those who want to hide just change contact info to garbage. The only times I've seen any evidence of contact details being queried are when Nominet threatened to cancel a registration because the postal address had used GB instead of UK and on another account the registrant was identified as something like "Qwertyuiop Ltd trading as Quertyuiop components". They didn't like the "trading as..." bit. That may give the impression they do check but plenty others are inaccurate "56 High street" will be accepted when the actual address is "97 Church Rd".

    1. Alan Brown Silver badge

      > "56 High street" will be accepted when the actual address is "97 Church Rd".

      As will businesses with registered addresses that turn out to be MBE drop boxes (Hint: it's not legal in most countries as the registered address is the place where legal service by a bailiff must be accepted by a human)

  21. Extreme Aged Parent

    It's about time that Facebook was closed down.

    It has become too powerful and is now infringing on each person's civil liberties.

    1. Charles 9 Silver badge

      Good luck. Gibson's Sprawl is already happening. Soon Facebook will be powerful enough to put governments under their heel and become sovereign unto itself.


Biting the hand that feeds IT © 1998–2020