[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

Fri Feb 16 08:42:58 UTC 2018

Brian Krebs is someone who I hold in high esteem, so of course I did read his article. And he raised some points that saw me legitimately pause and reflect.

And then I read the comments. Why? Because anonymity sometimes gives people the courage to say things online that they wouldn’t ordinarily share.

Given the readership of Krebs' website, which I suspect attracts an equal number of cybercriminals to security researchers, I found the honesty - that some are using WHOIS for malicious purposes - to be very refreshing.

I never said read only that comment; I said, "the comments are certainly worth a read," and they are. There are other insightful comments: a security researcher who says WHOIS data is being abused, a long-time reader who disagrees with Krebs and says we can "get the cyber criminals and our privacy at the same time", another who notes the "incredible [nuance]" of the GDPR which they say "seems to *actually be aimed at trying to solve the problem*."

So please, do read all of the comments.

Ayden

-------- Original Message --------
On 16 February 2018 8:11 AM, Greg Shatan <gregshatanipc at gmail.com> wrote:

> If you read all the comments, and not just the one from the person with the pseudonym “WHOIS” you will see that the comments run somewhat in favor of keeping Whois information public.  As for Mr. WHOIS, the pseudonym nicely provides him the privacy to confess to doxxing people and remain unidentifiable. So the comments are indeed worthwhile, both as an example of the range and distribution of views on the subject and the use of a form of “privacy” to hide from detection. (Unless someone is advocating a “right to doxx”, that would seem to be a Bad Thing.) of course, he could be fibbing, and never doxxed anyone, but no way to know that....
>
> Finally, I think reading the article is much more worthwhile than reading the comments, just as I think the views of Brian Krebs are much more worthwhile than those of Mr. WHOIS-who-mightormightnot-be-a-doxxer.
>
>  I suppose everyone is entitled to their sources of information, but I still ascribe to the caveat “consider the source”.
>
> Greg
>
> On Thu, Feb 15, 2018 at 9:18 PM Ayden Férdeline <icann at ferdeline.com> wrote:
>
>> The comments are certainly worth a read. I have observed one commenter note that they use WHOIS to dox others. Very troubling, and in line with [this comment](https://www.icann.org/en/system/files/files/gdpr-comments-apc-icann-proposed-compliance-models-29jan18-en.pdf) submitted by Anriette Esterhuysen of APC to ICANN last month, where she noted that, "These are not just hypothetical or trivial risks. An APC staff member whose address was included in the WHOIS database received a death threat directed at herself and her family."
>>
>> — Ayden
>>
>> -------- Original Message --------
>> On 16 February 2018 1:07 AM, Dotzero <dotzero at gmail.com> wrote:
>>
>>> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/
>>> Michael Hammer
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180216/4461a869/attachment.html>