<html><body><div style="font-family: Arial; font-size: 12pt; color: #000000"><div>+1 to points made here by Volker.</div><div><br></div><div data-marker="__SIG_PRE__">Kind regards,<br><br>Chris</div><br><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"Volker Greimann" <vgreimann@key-systems.net><br><b>To: </b>"gnso-rds-pdp-wg" <gnso-rds-pdp-wg@icann.org><br><b>Sent: </b>Friday, 10 February, 2017 09:41:48<br><b>Subject: </b>Re: [gnso-rds-pdp-wg] Dangers of public whois<br></div><br><div data-marker="__QUOTED_TEXT__"><p><br>
</p>
<blockquote cite="mid:CACLR7wKRTU7nXKsK7NgqKFHJKbyD_WhhfvWR4Z7UGrc18vFgow@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<div>Pivoting off domain whois is my #1 valued resource in
cybercrime investigations.</div>
</div>
</blockquote>
Judging from the amount of abuse and spam out there, it is also the
#1 valued resource of spammers, cyber criminals, nigerian princes,
domain slammers ,etc etc.<br>
<br>
And that leads to the question: Is it really worth giving up the
private data of all registrants to whoever wants it just to catch a
few bad guys?<br>
And to answer that: I'd rather see a few criminals uncaught if that
means the innocent majority will be that much less at risk to be
victimized.<br>
<br>
Best,<br>
Volker<br>
<br>
<br>
<blockquote cite="mid:CACLR7wKRTU7nXKsK7NgqKFHJKbyD_WhhfvWR4Z7UGrc18vFgow@mail.gmail.com">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 9, 2017 at 12:16 PM, <a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>
<span dir="ltr"><<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div>Dnsservers, domainstatus, various dates, Registrar </div>
<div id="m_-5757968697736306594AppleMailSignature"><br>
</div>
<div id="m_-5757968697736306594AppleMailSignature">None of
these data are personal data imo </div>
<div id="m_-5757968697736306594AppleMailSignature"><br>
</div>
<div id="m_-5757968697736306594AppleMailSignature">The
only info you see in Whois are the contact ID the user
have at the registrar/ registry </div>
<div id="m_-5757968697736306594AppleMailSignature"><br>
</div>
<div id="m_-5757968697736306594AppleMailSignature"><br>
<br>
Sent from my iPhone</div>
<div>
<div class="h5">
<div><br>
On 9 Feb 2017, at 18:10, nathalie coupet <<a href="mailto:nathaliecoupet@yahoo.com" target="_blank">nathaliecoupet@yahoo.com</a>>
wrote:<br>
<br>
</div>
<blockquote>
<div>
<div style="color:#000;background-color:#fff;font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida
Grande,sans-serif;font-size:16px">
<div id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157459"><span>Benny,</span></div>
<div id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157459"><br>
</div>
<div id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157459" dir="ltr"><span style="font-family:"Helvetica
Neue","Segoe
UI",Helvetica,Arial,"Lucida
Grande",sans-serif;font-size:13px" id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157603">All
personal info on personal domains are hidden
by default. What are the info that remain
available for public view - after personal
information have been hidden by default -
which still enable technical operability? </span><br>
</div>
<div id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157459" dir="ltr"><br>
</div>
<div id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157417"> </div>
<div class="m_-5757968697736306594signature" id="m_-5757968697736306594yui_3_16_0_ym19_1_1486647676190_157415">Nathalie </div>
<div class="m_-5757968697736306594qtdSeparateBR"><br>
<br>
</div>
<div class="m_-5757968697736306594yahoo_quoted" style="display:block">
<div style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida
Grande,sans-serif;font-size:16px">
<div style="font-family:HelveticaNeue,Helvetica
Neue,Helvetica,Arial,Lucida
Grande,sans-serif;font-size:16px">
<div dir="ltr"><span face="Arial" size="2" data-mce-style="font-family: Arial; font-size: small;" style="font-family: Arial; font-size: small;">On
Thursday, February 9, 2017 11:46 AM, "<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>"
<<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>>
wrote:<br>
</span></div>
<br>
<br>
<div class="m_-5757968697736306594y_msg_container">Maybe
not but there are nothing who prevent us
from trying to protect people from there
mistakes and stupidity and still be able
to have certain level of technical
operability with whois data.<br clear="none">
<br clear="none">
A good example are .se which have a
whois policy where all personal info on
personal domains are hidden by default.
The registrant need to opt out of the
privacy actively by making a decision.
That might be the way we should think
instead of what to do to hide data.<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
--<br clear="none">
Med vänliga hälsningar / Kind Regards /
Med vennlig hilsen<br clear="none">
<br clear="none">
<br clear="none">
Benny Samuelsen<br clear="none">
Registry Manager - Domainexpert<br clear="none">
<br clear="none">
Nordreg AB - ICANN accredited registrar<br clear="none">
IANA-ID: 638<br clear="none">
<br clear="none">
Phone: <a href="tel:+46%2042%2019%2070%2080" target="_blank">+46.42197080</a><br clear="none">
Direct: <a href="tel:+47%2032%2026%2002%2001" target="_blank">+47.32260201</a><br clear="none">
Mobile: <a href="tel:+47%20404%2010%20200" target="_blank">+47.40410200</a><br clear="none">
<br clear="none">
On 09/02/2017, 17:38, "<a shape="rect" href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a>
on behalf of Greg Aaron" <<a shape="rect" href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a>
on behalf of <a shape="rect" href="mailto:gca@icginc.com" target="_blank">
gca@icginc.com</a>> wrote:<br clear="none">
<br clear="none">
Is ICANN (or anyone else)
responsible for protecting Spicer from
himself? A lot of the articles about
this subject point out that Spicer was
neglectful and occasionally incompetent.<br clear="none">
<br clear="none">
Here are some facts to consider:<br clear="none">
* Privacy protection was available
and Spicer didn’t obtain it. That was
his choice.
<br clear="none">
* Spicer agreed to have his data
published in WHOIS. So that was either
OK with him, or he didn't read the terms
of service in his domain registration
agreement. Either way, it was his
choice.
<br clear="none">
* Spicer tweeted out his own Twitter
password. He's responsible for that. <br clear="none">
* Spicer himself published his email
address in many, many public places over
the years. A simple Google search will
tell you what his email address was.
<br clear="none">
* Those data breaches that Volker
mentions have nothing to do with domain
registration data. They did not reveal
domain registration data. Domain
registration data didn't allow hackers
to penetrate Dropbox, LinkedIn, and
MySpace, and the other places where
Spicer's credentials were lost over the
years. Bad corporate security allowed
those breaches to happen.
<br clear="none">
* Spicer has a very different risk
profile than the average person. He's
been a prominent PR and political
operative for many years (and is now
working for the most scrutinized entity
in the world). A key tenet of risk
assessment is that exceptional cases may
not justify making rules that affect
everyone. <br clear="none">
<br clear="none">
All best,<br clear="none">
--Greg<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
-----Original Message-----<br clear="none">
From: <a shape="rect" href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">
gnso-rds-pdp-wg-bounces@icann.org</a>
[mailto:<a shape="rect" href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a>]
On Behalf Of Volker Greimann<br clear="none">
Sent: Thursday, February 9, 2017
4:28 AM<br clear="none">
To: <a shape="rect" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">
gnso-rds-pdp-wg@icann.org</a><br clear="none">
Subject: [gnso-rds-pdp-wg] Dangers
of public whois<br clear="none">
<br clear="none">
As we tend to get lost in the thick
and nitty gritty from time to time, this
recent article should remind us what we
are working for:<br clear="none">
<br clear="none">
<a href="http://mashable.com/2017/02/07/sean-spicer-who-is" target="_blank">mashable.com/2017/02/07/sean-spicer-who-is</a><br clear="none">
<br clear="none">
also here: <br clear="none">
<a shape="rect" href="http://domainnamewire.com/2017/02/08/sean-spicer-brings-attention-whois-privacy/" target="_blank">
http://domainnamewire.com/2017/02/08/sean-spicer-brings-attention-whois-privacy/</a><br clear="none">
<br clear="none">
While it could not have hit a nicer
guy, he completely and accurately
followed policy and look where it lead.
Hi private address and telephone number
as well as email address known to the
world, other domains he registered for
himself and his family published, etc.
As his email address was compromised in
no less than three leaks (plus one
honorable mention on Wikileaks), and he
recently tweeted his password, it may
even be possible to dig deeper.<br clear="none">
<br clear="none">
I hope this helps remind folks that
getting private data out of the public
view is a good thing.<br clear="none">
<br clear="none">
-- <br clear="none">
<br clear="none">
Bei weiteren Fragen stehen wir Ihnen
gerne zur Verfügung.<br clear="none">
<br clear="none">
Mit freundlichen Grüßen,<br clear="none">
<br clear="none">
Volker A. Greimann<br clear="none">
- Rechtsabteilung -<br clear="none">
<br clear="none">
Key-Systems GmbH<br clear="none">
Im Oberen Werk 1<br clear="none">
66386 St. Ingbert<br clear="none">
Tel.: <a href="tel:+49%206894%209396901" target="_blank">+49
(0) 6894 - 9396 901</a><br clear="none">
Fax.: <a href="tel:+49%206894%209396851" target="_blank">+49
(0) 6894 - 9396 851</a><br clear="none">
Email: <a shape="rect" href="mailto:vgreimann@key-systems.net" target="_blank">
vgreimann@key-systems.net</a><br clear="none">
<br clear="none">
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a>
/ <a href="http://www.RRPproxy.net" target="_blank">
www.RRPproxy.net</a> <a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a>
/
<a href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a><br clear="none">
<br clear="none">
Folgen Sie uns bei Twitter oder
werden Sie unser Fan bei Facebook:<br clear="none">
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><br clear="none">
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><br clear="none">
<br clear="none">
Geschäftsführer: Alexander Siffrin<br clear="none">
Handelsregister Nr.: HR B 18835 -
Saarbruecken Umsatzsteuer ID.:
DE211006534<br clear="none">
<br clear="none">
Member of the KEYDRIVE GROUP<br clear="none">
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a><br clear="none">
<br clear="none">
Der Inhalt dieser Nachricht ist
vertraulich und nur für den angegebenen
Empfänger bestimmt. Jede Form der
Kenntnisgabe, Veröffentlichung oder
Weitergabe an Dritte durch den Empfänger
ist unzulässig. Sollte diese Nachricht
nicht für Sie bestimmt sein, so bitten
wir Sie, sich mit uns per E-Mail oder
telefonisch in Verbindung zu setzen.<br clear="none">
<br clear="none">
--------------------------------------------<br clear="none">
<br clear="none">
Should you have any further
questions, please do not hesitate to
contact us.<br clear="none">
<br clear="none">
Best regards,<br clear="none">
<br clear="none">
Volker A. Greimann<br clear="none">
- legal department -<br clear="none">
<br clear="none">
Key-Systems GmbH<br clear="none">
Im Oberen Werk 1<br clear="none">
66386 St. Ingbert<br clear="none">
Tel.: <a href="tel:+49%206894%209396901" target="_blank">+49
(0) 6894 - 9396 901</a><br clear="none">
Fax.: <a href="tel:+49%206894%209396851" target="_blank">+49
(0) 6894 - 9396 851</a><br clear="none">
Email: <a shape="rect" href="mailto:vgreimann@key-systems.net" target="_blank">
vgreimann@key-systems.net</a><br clear="none">
<br clear="none">
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a>
/ <a href="http://www.RRPproxy.net" target="_blank">
www.RRPproxy.net</a> <a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a>
/
<a href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a><br clear="none">
<br clear="none">
Follow us on Twitter or join our fan
community on Facebook and stay updated:<br clear="none">
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><br clear="none">
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><br clear="none">
<br clear="none">
CEO: Alexander Siffrin<br clear="none">
Registration No.: HR B 18835 -
Saarbruecken V.A.T. ID.: DE211006534<br clear="none">
<br clear="none">
Member of the KEYDRIVE GROUP<br clear="none">
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a><br clear="none">
<br clear="none">
This e-mail and its attachments is
intended only for the person to whom it
is addressed. Furthermore it is not
permitted to publish any content of this
email. You must not use, disclose, copy,
print or rely on this e-mail. If an
addressing or transmission error has
misdirected this e-mail, kindly notify
the author by replying to this e-mail or
contacting us by telephone.<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
_______________________________________________<br clear="none">
gnso-rds-pdp-wg mailing list<br clear="none">
<a shape="rect" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">
gnso-rds-pdp-wg@icann.org</a><br clear="none">
<a shape="rect" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
<div class="m_-5757968697736306594yqt1546333196" id="m_-5757968697736306594yqtfd52312"><br clear="none">
_______________________________________________<br clear="none">
gnso-rds-pdp-wg mailing list<br clear="none">
<a shape="rect" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">
gnso-rds-pdp-wg@icann.org</a><br clear="none">
<a shape="rect" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br clear="none">
<br clear="none">
_______________________________________________<br clear="none">
gnso-rds-pdp-wg mailing list<br clear="none">
<a shape="rect" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br clear="none">
<a shape="rect" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature">_________________________________<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
<br>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br>gnso-rds-pdp-wg@icann.org<br>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg<br></div></div></body></html>