<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Allison,<br>
</p>
<br>
<blockquote
cite="mid:CACLR7wJbdJPGWCkC6hZJ=ntzzDfp+PiefoERWJwQ2+Qp363WZw@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div><span style="font-size:12.8px">Several registrars already
offer free whois privacy. They made it work, so you should
keep up!</span></div>
</div>
</blockquote>
Most such registrars still charge for the same service, it is just
that the cost is hidden in their more expensive registration fees.
Or they do not handle complaints appropriately. Or, or, or...<br>
<br>
Ultimately, someone is going to pay for the service, and it is not
the registrar offering it for "free". <br>
<br>
TANSTAAFL.<br>
<blockquote
cite="mid:CACLR7wJbdJPGWCkC6hZJ=ntzzDfp+PiefoERWJwQ2+Qp363WZw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span
style="font-size:12.8px">Maybe dumb bad actors. Savvy bad
actors just populate whois with data of unknowing third
parties, thereby rendering any verification and validation
instruments useless and inconveniencing the affected data
subjects as well.</span><span style="font-size:12.8px"> </span></blockquote>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">I'm glad you know so much
about how bad actors abuse whois. But from my own limited
experiences- I don't see that many input validation
mechanisms on bad domains because there are a lot of
"555-5555" phone numbers out there and other arbitrary
strings.</span></div>
</div>
</blockquote>
I see what comes over my desk. Most domains we find involved in
whois have perfectly formed and verifiable whois. The data just does
not match the person who registered it.<br>
<blockquote
cite="mid:CACLR7wJbdJPGWCkC6hZJ=ntzzDfp+PiefoERWJwQ2+Qp363WZw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"><span
style="font-size:12.8px">Some points/thoughts :<br>
</span><span style="font-size:12.8px">Cost of providing the
service (this includes cost of the office, personnel to
run it - unless you are going to offer this free "John B"
to all ICANN registrars ?)<br>
</span><span style="font-size:12.8px">The underlying data
may not even be allowed to be provided to the whois
privacy service, unless it is in the local jurisdiction of
the registrant.<br>
</span><span style="font-size:12.8px">Harvesting and storage
of whois data to be re-wrapped and sold is illegal and
many registrars state this on the terms and conditions.<br>
</span><span style="font-size:12.8px">Gated access has to be
properly defined for each gate/right of access, an
example, a registrar would normally only need access to
external whois for the purpose of transferring a domain
name - they have no other reason to need access to this
data. (registration, is totally different as it doesnt
need access to the "whois") As above, storage of whois
data is illegal unless it was for a lawful purpose and the
only one I can think of is transfers. ICANN require
registrars to keep this info for upto 2 or 7 years (cant
remember which). This will step on some registrars toes
as well as John H's toes whi have a business model around
the supply of whois data for commercial gain (namely
charging for it).<br>
</span><span style="font-size:12.8px">I am sorry to say that
none of what the WG will do or complete will stop bad
actors, they are smart, they are not dumb (well some of
them are:) )</span></blockquote>
</div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">so who decided that these
normal uses of whois are suddenly illegal? I hereby declare
my allegiance to the dark side. Down with the government.</span></div>
</div>
</blockquote>
Depends on the terms you accept when you make the whois inquiry. You
may be violating the terms of the registrar or registry providing
the whois service. <br>
Please note that ICANN mandates that registrars have an access
agreement in place for any bulk request of whois data, most
registrar apply the same rules for use of their whois data in
general. <br>
And yes, registrars are free to contractually limit the uses the
data they provide can be put to.<br>
<br>
<br>
<blockquote
cite="mid:CACLR7wJbdJPGWCkC6hZJ=ntzzDfp+PiefoERWJwQ2+Qp363WZw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 23, 2017 at 8:16 AM, Chris
Pelling <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:chris@netearth.net" target="_blank">chris@netearth.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div
style="font-family:Arial;font-size:12pt;color:#000000">
<div>Typo <span
style="color:#000000;font-family:arial;font-size:16px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none">materialistic
should have been minimalistic </span></div>
<div><br>
</div>
<div>Kind regards,<br>
<br>
Chris</div>
<br>
<hr id="m_-6109239658782977786zwchr">
<div><b>From: </b>"Chris Pelling" <<a
moz-do-not-send="true"
href="mailto:chris@netearth.net" target="_blank">chris@netearth.net</a>><br>
<b>To: </b>"gnso-rds-pdp-wg" <<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Sent: </b>Thursday, 23 March, 2017 12:06:01
<div>
<div class="h5"><br>
<b>Subject: </b>Re: [gnso-rds-pdp-wg] a
suggestion for "purpose in detail"<br>
</div>
</div>
</div>
<div>
<div class="h5"><br>
<div>
<div
style="font-family:Arial;font-size:12pt;color:#000000">
<div>Hi all,</div>
<br>
<div>I hope everyone got home safe that attended
ICANN58 :)</div>
<br>
<div>Having just sat through and played catch up
on this thread, a few things stand out to me.</div>
<br>
<div>On one side you have a stakeholder person
(maybe group) advocating they will pushing for
"free whois protection" provided by registrar
which simply won't happen - for a number of
reasons (see below), whereas the fundamental
issue is what will be collected and who will
be able to see it. Maybe this could be worked
on from a materialistic point of view, really
what does WHOIS/RDS need to show as its most
basic data, I remember a discussion some
months ago where Michele mentioned about
simply domain name, dates of registration,
expiry and DNS servers. (registrar name and
abuse contact details are a given to be
shown) </div>
<br>
<div>The storage of such data depending on
"whom" the registrant and/or other contacts
are located, and where it is being seen from
(different jurisdiction for example) will come
out further down the line in our
deliberations. </div>
<br>
<div>Some points/thoughts :</div>
<ul>
<li>Cost of providing the service (this
includes cost of the office, personnel to
run it - unless you are going to offer this
free "John B" to all ICANN registrars ?)</li>
<li>The underlying data may not even be
allowed to be provided to the whois privacy
service, unless it is in the local
jurisdiction of the registrant.</li>
<li>Harvesting and storage of whois data to be
re-wrapped and sold is illegal and many
registrars state this on the terms and
conditions.</li>
<li>Gated access has to be properly defined
for each gate/right of access, an example, a
registrar would normally only need access to
external whois for the purpose of
transferring a domain name - they have no
other reason to need access to this data.
(registration, is totally different as it
doesnt need access to the "whois") As
above, storage of whois data is illegal
unless it was for a lawful purpose and the
only one I can think of is transfers. ICANN
require registrars to keep this info for
upto 2 or 7 years (cant remember which).
This will step on some registrars toes as
well as John H's toes whi have a business
model around the supply of whois data for
commercial gain (namely charging for it).</li>
<li>I am sorry to say that none of what the WG
will do or complete will stop bad actors,
they are smart, they are not dumb (well some
of them are:) )</li>
</ul>
<div>As for John H and clowns, I would gladly
offer my services to help you get over that :)
My issue/phobia is the dark, sadly for me
that is a reality I won't be able to
overcome. </div>
<br>
<div>Kind regards,<br>
<br>
Chris</div>
<br>
<hr id="m_-6109239658782977786zwchr">
<div><b>From: </b>"John Horton" <<a
moz-do-not-send="true"
href="mailto:john.horton@legitscript.com"
target="_blank">john.horton@legitscript.com</a>><br>
<b>To: </b>"nathalie coupet" <<a
moz-do-not-send="true"
href="mailto:nathaliecoupet@yahoo.com"
target="_blank">nathaliecoupet@yahoo.com</a>><br>
<b>Cc: </b>"gnso-rds-pdp-wg" <<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Sent: </b>Wednesday, 22 March, 2017
16:33:22<br>
<b>Subject: </b>Re: [gnso-rds-pdp-wg] a
suggestion for "purpose in detail"<br>
</div>
<br>
<div>
<div dir="ltr">
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444">Thanks,
Nathalie. I'm sure many share your
frustration!</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444">I
think that's a constructive question, and
I'll jump in. My biggest fear is that in
the monitoring that companies like mine do
for banks, payment providers, e-commerce
companies, etc. that helps determine
whether a merchant is who they say they
are, and whether they are engaged in other
bad activity (i.e., laundering money) will
be unable to obtain access to the Whois
records we need in order to preserve the
integrity of the payments system, protect
payment providers from risk, and
derivatively protect consumers. In other
words, my fear is that we'll lose access
to Whois records, which we need for that
purpose. </div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444"><br>
</div>
<div class="gmail_default"
style="font-family:arial,helvetica,sans-serif;color:#444444">Actually,
to be honest, that's not true -- my
biggest fear (to answer your question
directly) is of clowns, and every time I
travel, I ask the hotel to please check
for clowns in my closet before I enter the
room. But I assume you didn't really want
to know my biggest fear -- you just want
to know my biggest fear in relation to
Whois policy, correct? Two different
things, but yeah -- if a clown jumped out
of my hotel closet, that would probably be
the realization of my biggest fear. That's
probably nothing that this working group
can do much about, though. </div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div
class="m_-6109239658782977786gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr"><span
style="color:#073763;font-family:arial,helvetica,sans-serif">John Horton<br>
President and
CEO,
LegitScript</span>
<div><img
moz-do-not-send="true"
height="36"
width="96"><br>
<div>
<div>
<p
style="margin:0.0px
0.0px 0.0px
0.0px;font:12.0px
Helvetica"><br>
</p>
<p
style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><span
style="color:#444444">Follow</span><span style="color:#0b5394"> </span><span
style="color:#000000">Legit</span><span style="color:#0b5394">Script</span></b>:
<a
moz-do-not-send="true"
href="http://www.linkedin.com/company/legitscript-com"
style="font-weight:normal"
target="_blank"><span style="color:#cc0000">LinkedIn</span></a> | <a
moz-do-not-send="true"
href="https://www.facebook.com/LegitScript" style="font-weight:normal"
target="_blank"><span
style="color:#6aa84f">Facebook</span></a> | <a moz-do-not-send="true"
href="https://twitter.com/legitscript" style="font-weight:normal"
target="_blank"><span
style="color:#674ea7">Twitter</span></a> | <span style="color:#ff9900"><span
style="text-decoration:underline"><a moz-do-not-send="true"
href="http://blog.legitscript.com"
target="_blank">Blog</a></span></span> |<span style="color:#ff9900"> <span
style="font-weight:normal"><a moz-do-not-send="true"
href="https://plus.google.com/112436813474708014933/posts"
target="_blank">Google+</a></span></span></p>
<p
style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span
style="color:#ff9900"><br>
</span></p>
<p
style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span
style="color:#ff9900"><img moz-do-not-send="true" height="96" width="46"><img
moz-do-not-send="true" height="96" width="47"><br>
</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Mar 22,
2017 at 9:24 AM, nathalie coupet via
gnso-rds-pdp-wg <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">+1 I must
say I'm a bit disillusioned by the
entire process. This PDP should look
like a negotiating table, instead it is
more like a War of Trenches.<br>
If stakeholders are not motivated to
negotiate, there is no sense of urgency
and stakes for change are so low, then I
wonder what we are doing here in the
first place.<br>
Could every stakeholder state what their
biggest fear is, and we could try to
avoid their realization?<br>
Or maybe, in last resort, we should just
vote for the best proposal and go home?<br>
<br>
Nathalie<br>
<br>
<br>
Sent from my iPhone<br>
<div
class="m_-6109239658782977786HOEnZb">
<div class="m_-6109239658782977786h5"><br>
> On Mar 22, 2017, at 12:06 PM,
Andrew Sullivan <<a
moz-do-not-send="true"
href="mailto:ajs@anvilwalrusden.com"
target="_blank">ajs@anvilwalrusden.com</a>>
wrote:<br>
><br>
>> On Wed, Mar 22, 2017 at
10:19:56AM -0500, John Bambenek
wrote:<br>
>> Yes there is a difference
which is why I am using both words.
And that's why I am suggesting we
talking about optional and maskable
fields right up front as part of the
requirements discussion not some
ancillary discussion that happens
later after all the decisions are
already made.<br>
>><br>
><br>
> I thought the WG had already
decided on a different (multi-pass)<br>
> strategy, in which data
collection itself was treated first
with the<br>
> principle that, if there were
some (legitmate, hand-wave
hand-wave)<br>
> purpose then collection would
be considered. Later, the further<br>
> question of access to such
collected items would be taken up.<br>
><br>
> I don't really care which way
we do this, but it seems to me that
we<br>
> need to stop arguing about the
way by which we'll reach a result
and<br>
> start actually doing work in
the direction of some result. The<br>
> meta-discussions about process
are wearing out contributors (well,
at<br>
> least one contributor!) and
creating the condition in which
those who<br>
> want no changes at all will get
their way by exhaustion. If ICANN
is<br>
> incapable of coming to terms
with the deficiencies of whois (the<br>
> protocol) after all this time,
it will be revealed to be
ridiculous.<br>
><br>
> Best regards,<br>
><br>
> A<br>
><br>
> --<br>
> Andrew Sullivan<br>
> <a moz-do-not-send="true"
href="mailto:ajs@anvilwalrusden.com"
target="_blank">ajs@anvilwalrusden.com</a><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> <a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</body>
</html>