[gnso-rds-pdp-wg] Discussion Topics

John Bambenek jcb at bambenekconsulting.com
Sun Jul 23 20:12:26 UTC 2017 

Presumably ICANN itself has a complaint whois record. You can see it here:

http://whois.domaintools.com/icann.org

No PII involved, presumably the phone number is their office number (someone could use google
Voice if they don't want to be contacted), and the name/email are role based. It seems this is the common practice in all types of orgs these days. 

--
John Bambenek

> On Jul 23, 2017, at 14:43, Kris Seeburn <seeburn.k at gmail.com> wrote:
> 
> I agree on this issue too, and what u point out has its merits but how do we register and keep everything anonymous. Should we just register anything without validation or else as I said let's categorize when application is made and let icannn be the data commissioner at length. When we categorise we still have a validation of owner what we forgetting is it also help the abusers as well but still we need to be impartial and see through the categorization where you choose the category you fall into and you feed the right data yet you can have a field that protects or request protection under certain laws. What I meant by categorization was like commercial entity, ngo etc. some ngo in can still fill extant data but can use a field which is added to say for x circumstances we wish all data and ownership to be completely void. But not to forget we need to validate that then we could also have the jumping abusing sites doing same and they cannot be catched. 
> 
> Kris
> 
>> On 23 Jul 2017, at 22:08, John Bambenek <jcb at bambenekconsulting.com> wrote:
>> 
>> Under no circumstances should anyone whose threat model legitimately includes their own government ever directly register a domain name. Use an actual meatspace proxy if you must (ie lawyer in safe country). Better to not do so at all. 
>> 
>> Let me repeat, if you are going against your own government and they are of the type to kill dissidents, then directly registering a domain name is suicidal. 
>> 
>> You will not only get yourself killed. You will get everyone involved in your cause killed. 
>> 
>> There is no technical control that anyone here can devise to protect someone who has made this error. Not eliminating whois/RDS, not gated access, literally nothing. 
>> 
>> There are people on this list who advise and protect people who have these legitimate concerns. I know of no one who would advise you to register a domain in these circumstances because WE CANNOT PROTECT YOU. 
>> 
>> People in those circumstances have other tools they can and should use. 
>> 
>> The simple fact is GDPR applies to US companies who simply have European customers. No one disputes this. I have no idea why anyone thinks when repressive regime X sends legal process to a registrar/registry Y that the end result won't be the registrar/registry Y giving repressive regime X all your data. 
>> 
>> This is not a scenario that needs a solution. The solution is "Use tor. Use signal."  Let's focus on the real problems please. 
>> 
>> --
>> John Bambenek
>> 
>>> On Jul 23, 2017, at 07:57, Raoul Plommer <plommer at gmail.com> wrote:
>>> 
>>> I'm not sure if this is obvious to all the people in the RDS working group, but especially registering a domain name for a pseudonymous/anonymous collective that's working as some kind of a political NGO, can be vulnerable to all kinds of malicious attacks, after the the info in the WHOIS can be retrieved by anyone.
>>> 
>>> How would people like to be a registrant of some western LGBT domain and be treated harshly in Abu Dhabi conference because of the exposure in the WHOIS, for example?
>>> 
>>> -Raoul
>>> 
>>> -Raoul
>>> 
>>>> On 21 July 2017 at 22:21, Kris Seeburn <seeburn.k at gmail.com> wrote:
>>>> I forgot further down the line we are given loads of questions to fill in and give details which can be hidden by an extra payment then you need to get legal action to find the owner.
>>>> 
>>>> My innocent question are we going to be canned the same way all in all our history or why not think of a better way to reduce the list but find another to catch abusers etc., not all Whois is correct be it on icann or even in RIRs there is a common issue that needs to be solved and we all need the accuracy of such details. I get frustrated both ways.
>>>> 
>>>> Kris
>>>> 
>>>> > On 20 Jul 2017, at 19:53, "benny at nordreg.se" <benny at nordreg.se> wrote:
>>>> >
>>>> > I like the idea, and combined with gated access it should easier to track down the abusive users.
>>>> > Problem are still enforcement how, who and where, and there might even be jurisdictions which have no legal objections for this kind of behaviour
>>>> >
>>>> > Another problem to something like this, who will be the responsible part if a registrant have opted out and don't want to be contacted but still are contacted? We really don't want to give the impression to the registrant that these problems are solved with a tick in a box.
>>>> >
>>>> > --
>>>> > Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>>> >
>>>> > Benny Samuelsen
>>>> > Registry Manager - Domainexpert
>>>> >
>>>> > Nordreg AB - ICANN accredited registrar
>>>> > IANA-ID: 638
>>>> > Phone: +46.42197000
>>>> > Direct: +47.32260201
>>>> > Mobile: +47.40410200
>>>> >
>>>> >> On 20 Jul 2017, at 17:38, Rod Rasmussen <rod at rodrasmussen.com> wrote:
>>>> >>
>>>> >> Chuck,
>>>> >>
>>>> >> Please consider it “put forward” then. :-)
>>>> >>
>>>> >> I too have been experimenting a bit with registration-specific phone numbers and distressingly find the same issue - call upon call that only started to the number once the data was published in whois *AND* in the hands of the registrar of course (hard to tell who the real villain is given that, probably both).  Many of these are the Indian boiler rooms pretending to be “Microsoft support” for example.
>>>> >>
>>>> >> This fits in with the concepts we were discussing last week on “preferred contact methods” for a particular contact object (person/legal entity).  For example, we could still mandate collecting a phone number, but only publishing it for particular purposes and providing a “preferred public contact” method that is less intrusive depending upon the preferences of that contact.  Not saying I endorse that approach or not, just saying that we need to be thinking along those directions.  For example, I could provide my e-mail address as my preferred “public” contact method since I can spam filter it far more effectively than phone calls, but still be reachable via phone for important technical issues or abuse problems with some sort of vetting.
>>>> >>
>>>> >> At the end of the day we’re talking about a “directory service” here and we need to be approaching it from how we would engineer one at the end of the second decade of the 21st century rather than the beginning of the last decade of the 20th.  A long list of fixed field parameters tied to a single primary database key (domain name) that are one-size-fits-all for collection and public publication are definitely “old school”.  Object-oriented data with relational pointers and flexible context that allow for differentiated publication are a bit more modern...
>>>> >>
>>>> >> Cheers,
>>>> >>
>>>> >> Rod
>>>> >>
>>>> >>> On Jul 20, 2017, at 7:20 AM, Chuck Gomes Consulting <consult at cgomes.com> wrote:
>>>> >>>
>>>> >>> Johtan,
>>>> >>>
>>>> >>> I suggest that you either become a member of the WG and then submit this request or find a member who would put this suggestion forward.
>>>> >>>
>>>> >>> Chuck
>>>> >>>
>>>> >>> From: Jothan Frakes [mailto:jothan at jothan.com]
>>>> >>> Sent: Wednesday, July 19, 2017 1:58 PM
>>>> >>> To: Chuck Gomes Consulting <consult at cgomes.com>
>>>> >>> Cc: RDS WG <gnso-rds-pdp-wg at icann.org>
>>>> >>> Subject: Re: [gnso-rds-pdp-wg] Discussion Topics
>>>> >>>
>>>> >>> Hi-
>>>> >>>
>>>> >>> I am an observer on this group, but wanted to ask if it is possible to inject an explicit 'do not call for marketing' field into the whois which would be opt-out while we are under the hood.
>>>> >>>
>>>> >>> I realize such a thing is likely to be unenforceable, as there have been disclaimers and directions on use of the whois data within the output for years that gets completely disregarded by marketers, but it seems like it could be a hook upon which legislative efforts could be added.
>>>> >>>
>>>> >>> After receiving my 15th call today from aggressive telemarketers calling me on a telephone number that I created specifically for a new domain registration made less than 36 hours ago, it is clear to me that we MUST do something about this predatory behaviour if we can, and the information is clearly being sourced from whois.
>>>> >>>
>>>> >>> -Jothan
>>>> >>>
>>>> >>>
>>>> >>> Jothan Frakes
>>>> >>> Tel: +1.206-355-0230
>>>> >>>
>>>> >>>
>>>> >>>> On Wed, Jul 19, 2017 at 10:49 AM, Chuck Gomes Consulting <consult at cgomes.com> wrote:
>>>> >>>> Here are the list discussion topics in preparation for next week’s WG meeting:
>>>> >>>>    • Any topics related to the survey that will be distributed later today.
>>>> >>>>        • Collecting the data element ‘Registrant’ for the RDS
>>>> >>>>        • Collecting the data element ‘Registrant Organization’ for the RDS
>>>> >>>>        • Collecting the data element ‘Registrant Country’ for the RDS
>>>> >>>>        • Collecting the data element ‘Registrant Contact’ in the RDS.
>>>> >>>>    • Any topics related to collecting the following data elements* for the RDS:
>>>> >>>>        • Admin Contact & Contact ID
>>>> >>>>        • Technical Contact & Contact ID
>>>> >>>>        • Privacy/Proxy Provider Contact & Contact ID
>>>> >>>>        • Reseller
>>>> >>>>        • Registrar Abuse Contact Email Address
>>>> >>>>        • Registrar Abuse Contact Phone
>>>> >>>>        • URL of Internic Complaint Site (ICANN Whois Data Problem Reporting System)
>>>> >>>>        • Original Registration Date
>>>> >>>>
>>>> >>>> * Note that most WG members who responded to last week’s poll supported collecting these data elements for the RDS.
>>>> >>>>
>>>> >>>> If you have any questions, please ask them.
>>>> >>>>
>>>> >>>> Chuck
>>>> >>>>
>>>> >>>> _______________________________________________
>>>> >>>> gnso-rds-pdp-wg mailing list
>>>> >>>> gnso-rds-pdp-wg at icann.org
>>>> >>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>> >>>
>>>> >>> _______________________________________________
>>>> >>> gnso-rds-pdp-wg mailing list
>>>> >>> gnso-rds-pdp-wg at icann.org
>>>> >>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>> >>
>>>> >> _______________________________________________
>>>> >> gnso-rds-pdp-wg mailing list
>>>> >> gnso-rds-pdp-wg at icann.org
>>>> >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>> >
>>>> > _______________________________________________
>>>> > gnso-rds-pdp-wg mailing list
>>>> > gnso-rds-pdp-wg at icann.org
>>>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> 
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170723/266a5f9b/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list