<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Still waiting for Facebook to publish a verified whois of their
account holders ;-)</p>
<p>Best,</p>
<p>Volker<br>
</p>
<div class="moz-cite-prefix">Am 09.12.2019 um 09:46 schrieb Ayden
Férdeline:<br>
</div>
<blockquote type="cite"
cite="mid:-hvSmhtL3ykQ1t81Aa0TfJEp0ywodIuFyHgwTQ0qqrtA-2LDpW14NFZrTFpcCmOLyO3netAmDF0eHQWoKBUO41BrUsSZeN7f12IGMvJvbI8=@ferdeline.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div>I don't want to disagree with someone from my own stakeholder
group, but I don't understand how this is a "quick solution to
the SSAD problem"? These services contain names, emails, and
LinkedIn URLs - I don't see how these are substitutes for the
data elements in Whois. And how are you even meant to know who
to search for in one of these third-party services, absent the
name of a registrant? These third-party services that pull in
random data sets should be reigned in, not what we recommend
others turn to locate/trace a registrant.<br>
</div>
<div><br>
</div>
<div class="protonmail_signature_block">
<div class="protonmail_signature_block-user">
<div>Ayden Férdeline <br>
</div>
<div><br>
</div>
</div>
</div>
<div>‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐<br>
</div>
<div> On Monday, December 9, 2019 3:44 AM, Mueller, Milton L
<a class="moz-txt-link-rfc2396E" href="mailto:milton@gatech.edu"><milton@gatech.edu></a> wrote:<br>
</div>
<div> <br>
</div>
<blockquote class="protonmail_quote" type="cite">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">I am wondering how many
of the people involved in EPDP are familiar with data
enrichment companies such as People Data Labs.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">If you're not you may
be amazed at how vast is the number of people encompassed in
their records, and how many data points are aggregated in
them. As we battle mightily over how much disclosure of measly
Whois records we will allow and under what circumstances, it
might be useful to take a look at this article, <a
href="https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/"
moz-do-not-send="true">https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/</a> <br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);"><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">There you will see a
storehouse of names, email addresses, phone numbers, social
media profile information and physical addresses for 1.2
billion people, all available for subscribers to this service
and - in this bizarre case - all of it exposed to anyone with
the right IP address due to a configuration error of an
Elasticsearch server. <br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);"><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);"> Based on my exposure
to these data enrichment services, I think we may have found a
quick solution to the SSAD problem. One could conclude that we
don't need one at all, because any serious requestor can get a
ton of data about virtually anyone on the internet -
automatically, instantly - by using one of these services. <br>
</div>
<div style="width: 100%; margin-top: 16px; margin-bottom: 16px;
position: relative; max-width: 800px; min-width: 424px;">
<table role="presentation" style="padding: 12px 36px 12px
12px; width: 100%; border-width: 1px; border-style: solid;
border-color: rgb(200, 200, 200); border-radius: 2px;">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td>
<div style="position: relative; margin-right: 12px;
height: 88.128px; overflow: hidden; width: 240px;"><a
target="_blank"
href="https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/"
moz-do-not-send="true"><img
src="https://www.dataviper.io/wp-content/uploads/2019/11/data_viper_blog_v3.jpg"
alt="" style="display: block;"
class="proton-embedded" moz-do-not-send="true"
width="240" height="88"></a><br>
</div>
</td>
<td style="width: 100%;">
<div style="font-size: 21px; font-weight: 300;
margin-right: 8px; font-family: wf_segoe-ui_light,
"Segoe UI Light", "Segoe WP
Light", "Segoe UI", "Segoe
WP", Tahoma, Arial, sans-serif; margin-bottom:
12px;"><a target="_blank"
href="https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/"
style="text-decoration: none; color:
var(--themePrimary);" moz-do-not-send="true">1.2
billion people exposed in data leak includes
personal info, LinkedIN, Facebook</a><br>
</div>
<div style="font-size: 14px; max-height: 100px; color:
rgb(102, 102, 102); font-family: wf_segoe-ui_normal,
"Segoe UI", "Segoe WP", Tahoma,
Arial, sans-serif; margin-bottom: 12px;
margin-right: 8px; overflow: hidden;">On October 16,
2019 Bob Diachenko and Vinny Troia discovered a
wide-open Elasticsearch server containing an
unprecedented 4 billion user accounts spanning more
than 4 terabytes of data.. A total count of unique
people across all data sets reached more than 1.2
billion people, making this one of the largest data
leaks from a single source organization in history.<br>
</div>
<div style="font-size: 14px; font-weight: 400; color:
rgb(166, 166, 166); font-family: wf_segoe-ui_normal,
"Segoe UI", "Segoe WP", Tahoma,
Arial, sans-serif;"><a class="moz-txt-link-abbreviated" href="http://www.dataviper.io">www.dataviper.io</a><br>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">I'll leave you all with
that thought. See you Tuesday.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);"><br>
</div>
<div>
<div dir="ltr" style="font-size:12pt; color:#000000;
font-family:Calibri,Helvetica,sans-serif">
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0;
margin-bottom:0">Dr Milton L Mueller, Professor<br>
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0;
margin-bottom:0">School of Public Policy<br>
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0;
margin-bottom:0">Georgia Institute of Technology<br>
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0;
margin-bottom:0"><a href="https://internetgovernance.org"
moz-do-not-send="true">Internet Governance Project</a> <br>
</p>
<p style="margin-top: 0px; margin-bottom: 0px;margin-top:0;
margin-bottom:0"><br>
</p>
</div>
</div>
</blockquote>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>