[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

Alan Greenberg alan.greenberg at mcgill.ca
Fri Feb 16 18:12:12 UTC 2018 

"Because anonymity sometimes gives people the 
courage to say things online that they wouldn’t ordinarily share."

It does indeed, and often shows a side of 
humanity that makes me want less than proud to be 
a member of the same race (human).

Whether Mr. WHOIS is as base a creature as he 
makes out, or is idly boasting, or if this is a 
rather poor attempt at humor does not really 
matter. We know that some people make use of 
personal information for bad purposes.

The real question is where to draw lines of 
availability of the personal data (as defined by 
EU data commissioners in this case).

The Internet is NOT a safe place to be. GDPR and 
related changes will change the landscape, but 
making more information private and making 
cyber-protection more difficult. I come down 
firmly on trying to ensure that it does not get a 
LOT worse due to these changes.

Alan

At 16/02/2018 03:42 AM, Ayden Férdeline wrote:

>Brian Krebs is someone who I hold in high 
>esteem, so of course I did read his article. And 
>he raised some points that saw me legitimately pause and reflect.
>
>And then I read the comments. Why? Because 
>anonymity sometimes gives people the courage to 
>say things online that they wouldn’t ordinarily share.
>
>Given the readership of Krebs' website, which I 
>suspect attracts an equal number of 
>cybercriminals to security researchers, I found 
>the honesty - that some are using WHOIS for 
>malicious purposes - to be very refreshing.
>
>I never said read only that comment; I said, 
>"the comments are certainly worth a read," and 
>they are. There are other insightful comments: a 
>security researcher who says WHOIS data is being 
>abused, a long-time reader who disagrees with 
>Krebs and says we can "get the cyber criminals 
>and our privacy at the same time", another who 
>notes the "incredible [nuance]" of the GDPR 
>which they say "seems to *actually be aimed at trying to solve the problem*."
>
>So please, do read all of the comments.
>
>Ayden
>
>
>-------- Original Message --------
>On 16 February 2018 8:11 AM, Greg Shatan <gregshatanipc at gmail.com> wrote:
>
>>If you read all the comments, and not just the 
>>one from the person with the pseudonym 
>>“WHOIS” you will see that the comments run 
>>somewhat in favor of keeping Whois information 
>>public.  As for Mr. WHOIS, the pseudonym nicely 
>>provides him the privacy to confess to doxxing 
>>people and remain unidentifiable. So the 
>>comments are indeed worthwhile, both as an 
>>example of the range and distribution of views 
>>on the subject and the use of a form of 
>>“privacy” to hide from detection. (Unless 
>>someone is advocating a “right to doxx”, 
>>that would seem to be a Bad Thing.) of course, 
>>he could be fibbing, and never doxxed anyone, but no way to know that....
>>
>>Finally, I think reading the article is much 
>>more worthwhile than reading the comments, just 
>>as I think the views of Brian Krebs are much 
>>more worthwhile than those of Mr. WHOIS-who-mightormightnot-be-a-doxxer.
>>
>>  I suppose everyone is entitled to their 
>> sources of information, but I still ascribe to 
>> the caveat “consider the source”.
>>
>>Greg
>>
>>
>>On Thu, Feb 15, 2018 at 9:18 PM Ayden 
>>Férdeline <<mailto:icann at ferdeline.com>icann at ferdeline.com> wrote:
>>The comments are certainly worth a read. I have 
>>observed one commenter note that they use WHOIS 
>>to dox others. Very troubling, and in line with 
>><https://www.icann.org/en/system/files/files/gdpr-comments-apc-icann-proposed-compliance-models-29jan18-en.pdf>this 
>>comment submitted by Anriette Esterhuysen of 
>>APC to ICANN last month, where she noted that, 
>>"These are not just hypothetical or trivial 
>>risks. An APC staff member whose address was 
>>included in the WHOIS database received a death 
>>threat directed at herself and her family."
>>
>>— Ayden <
>>
>>
>>-------- Original Message --------
>>On 16 February 2018 1:07 AM, Dotzero 
>><<mailto:dotzero at gmail.com>dotzero at gmail.com> wrote:
>>
>>>
>>><https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/>https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/
>>>Michael Hammer
>>
>>_______________________________________________
>>gnso-rds-pdp-wg mailing list
>><mailto:gnso-rds-pdp-wg at icann.org>gnso-rds-pdp-wg at icann.org
>>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>Content-Type: text/plain; charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>X-Microsoft-Exchange-Diagnostics:
> 
>1;YQXPR0101MB1589;27:khRNlE55briz0+B1Ay6oZoFpuJBCCahpqoyUqYl0aYPZcRRZcBjsqi6PJN0FxmsMpSZU0i5QSy1xuHDhDbvE8qkBP8f77ArVi3Zh5sX6OLxthG1pz/mLEnGHb8TTjUWz
>X-Microsoft-Antispam-Message-Info:
> 
>Ub+zGAe1btCRsUArd7PQCZuPCri/9A2CKLZWnx9d2+yt+tLdsZS0pLgk28l0qsObXz14/Wzxs3xYw0ZASrCYUIntuKcXBhXDVfJu6U4WhBzZhmnNDFNqlyKFBBk85Qzw1Nw8F0RJO2H/aks+Vbyklg==
>
>_______________________________________________
>gnso-rds-pdp-wg mailing list
>gnso-rds-pdp-wg at icann.org
>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180216/3ddb7558/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list