It only took four years and thousands of complaints but ICANN finally kills off rogue Indian domain registrar ICANN has finally acted against Net 4 India, terminating its accreditation and so preventing the rogue registrar from registering domain names for customers in most internet registries across the globe. In a letter [PDF] sent late last month, ICANN told the India-based outfit that it was terminating its contract “due to Net 4 …
ICANN does very little about registrars that fail to follow what they agreed too in the accreditation process. Just look at the quarterly reports from Spamhaus. One registrar that is almost always number 1 on the list, Name Cheap. Their Whois servers didn't work for the longest time and ICANN did nothing. They have had countless fake Whois information and ICANN doesn't do anything. They make money from these registrars, so why would ICANN do anything to stop making that money from them?
ICANN just needs to be replaced.
Whois has for a long time be a bad implemented, as having it open for all to see means it just gets picked up by scammers and bad actor who use the info to try and scam people or just spamming them. I know because I had one of those fake renewal notices sent to the postal address shown on the whois info, trying to get me to pay $250 for a renewal that was only $20. So after that I opted to use privacy whois where the registrar no longer showed my real email and address in the whois.
That is always how it should have been set up, legitimate need to contact the domain owner could go through a email forwarding address, and law enforcement agencies can get a warrant to get the registrar to provide the registrants billing address details should they need it.
Whois info has been used to target businesses I've worked for. In one instance they used that info to try and social engineer their way into getting access to the company network. The person who answered the call was suspicious that somebody who she knew had gone to the gents, had lost their password. It wasn't the most intelligent attack using the person listed as technical contact for the name chosen.
NameCheap has automatic free WhoisGuard on every domain now anyway, so they might as well not even have whois in the first place. Same with many other registrars, of course, but at least there's a few dollars of friction there.
Whois has pretty much been dead forever, only the naive and the exceptionally idealistic put their real information in it and allow it to be open.
Which was fine in 1994 since there wasn't a massive automatic spam operation gathering up those, and when there was probably a single person in charge of that stuff because they had few admins. In order to get those benefits, I suggest that registrars have an email forwarder which can contact the relevant contact but keep all other details hidden unless the customer opts into sharing those details. There is no reason they need physical address or phone numbers and not really a reason they need an email either.
Is it just me or are there striking similarities between the behaviour of ICANN and Nominet? Is this some disease that tends to afflict all registrars over time, probably caused by the lorry loads of money they receive for doing nothing very much? The US Government got a lot of (political) stick for "running the Internet" before ICANN, but at least they were somewhat competent. Or are ICANN and Nominet locked in some titanic battle competing for the highest egregiousness score that they can achieve?
The problem is not DNS itself. The problem is the bureaucratic organization that oversees the (mis)management of the administrative side of domain name registration and allows the registries to be mucked up either deliberately or out of incompetence. Trying to fix this problem by overhauling the DNS system is trying to fix Boris Johnson by overhauling democracy.
"is trying to fix Boris Johnson by overhauling democracy"
Well... Nah, it's Friday, let's leave that be...
As for the "DNS system", there are two parts to it. The first is the technical part of matching textual names to numerical IP addresses. That, glitches aside, pretty much works as defined.
The other part is the method of allocating what names are to be associated with a given address. That...is somewhat more broken, with TLDs seemingly created not so much according to need but more for generating money. Plus the idea to buying interesting sounding words to flog at a vastly inflated price. Then there's the part about artificially raising prices because... (especially when you're the monopoly and people can't go elsewhere)
That would be more like fixing Boris Johnson by holding him accountable.
It is far past time to turn the registry system over to an international non-profit organization. I would suggest that the it fits within the purview of the International Telecommunication Union (ITU), the United Nations specialized agency for information and communication technologies.
Remember the WCIT Treaty from 2012? Expect a repeat on any attempt to hand over internet governance to the ITU or UN, and you can't sue them into compliance. Good luck fining them into compliance if they require something like WHOIS or other problematic policies.
Splinter net here we come.
Of course there is stuff like this
https://www.techdirt.com/articles/20121203/07493221209/itu-approves-deep-packet-inspection-standard-behind-closed-doors-ignores-huge-privacy-implications.shtml
Some years ago, I had my domains registered with a registrar that fell afoul of ICANN. I'm not sure if this registrar was actually doing anything dodgy, it seemed more like they weren't doing anything at all. So ICANN shut them down and decided to transfer all of their domains to another registrar. In their infinite wisdom, they chose a Chinese registrar. With a website that was entirely in Chinese. That was a fun experience.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
