<div dir="ltr">re: Volker's post:<div><br><div>>> <span style="font-size:12.8px">Granted, however if there is a way to limit the access of evildoers while still allowing those without ill intent reasonable access, should we not explore such a way preferentially? The more we can shift the balance away from abusive potential and towards positive use, the better.</span></div><div><br></div><div>Yes, and (not naming names without their permission), one of the people joined to this list actually took part in the takedown of one of the gangs that was abusing whois data to spam people with fake renewal notices. There are ways to combat this that don't involve shutting whois down. We know how to deal with this and if youall have info to contribute about ongoing operations of this sort, we will take them down.</div><div><br></div><div>Benny's post:</div><div><br></div><div>>><span style="font-size:12.8px">So if I understand you right you pay registrars today to get these data?</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Right now, no. But without speaking for anyone else, I am okay with a portion of what I pay going to the registrars that keep these whois servers alive. I think it's fair. I strongly suspect that most of your WHOIS traffic is due to bulk queriers. If such an arrangement was possible, it could also reduce the number of "repeat" queries made by queriers checking for changes in records- perhaps record changes could be a "push" arrangement. This could be done without closing off access to individuals who want to make "one-off" queries, but drastically reduce the costs faced by serving bulk queries.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">It could also have the side-effect of making abusive use of whois more apparent and easy to track down. People in our line of work do not take kindly to that sort of activity and if this is actually a major concern for youall, we can work together on this. </span></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 6, 2017 at 1:18 PM, <a href="mailto:benny@nordreg.se">benny@nordreg.se</a> <span dir="ltr"><<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
<br>
> On 6 Jun 2017, at 19:10, allison nixon <<a href="mailto:elsakoo@gmail.com">elsakoo@gmail.com</a>> wrote:<br>
><br>
> >>Sure I understand free and unlimited access are nice to have…<br>
><br>
> Most of us actually pay significant amounts of money for access to the data in bulk. I don't know if the registrars would be interested in something like that to help offset their costs of running whois servers.<br>
<br>
</span>So if I understand you right you pay registrars today to get these data?<br>
<span class=""><br>
<br>
><br>
> >>Not a part of my comment and dont belong here when you reply to my post…<br>
><br>
> by the time i get to my email, a number of mails have gone by. i'll more clearly mark them as separate posts next time.<br>
><br>
> >>Just answer me on this why should they be allowed a non contractual use of the data, and not all Security are white hats which only do good<br>
><br>
> Data can be used for good and evil. I am sure the data is being used for some sort of evil. Just because someone has devised a malicious use for something doesn't mean that it should be shut down for everyone. There's a balance of benefits and harms here, and right now the benefits outweigh the harms by far. Any analysis of the total harms caused by whois, versus the harms prevented using whois will be far in favor of the latter.<br>
><br>
<br>
</span>Then why should it be a drawback to have a contractual agreement for access and how it can and should be used? Wouldn’t that be a benefit for all parts about rights for data even for the registrant?<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
><br>
><br>
> On Tue, Jun 6, 2017 at 1:01 PM, <a href="mailto:benny@nordreg.se">benny@nordreg.se</a> <<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>> wrote:<br>
><br>
><br>
> > On 6 Jun 2017, at 18:51, allison nixon <<a href="mailto:elsakoo@gmail.com">elsakoo@gmail.com</a>> wrote:<br>
> ><br>
> > >>You state that Public whois are important so people can check if there personal info are used for registration of domains, but can’t the same public data be the source for the data being abused for registrations?<br>
> ><br>
> > You are inventing an imaginary edge case as a rebuttal to evidence based observations that we have made in the course of our work.<br>
><br>
> Well I see different, where data in whois combined with other sources are used for different kind of scams.<br>
><br>
><br>
> ><br>
> > >>Anti Abuse are important no one disagree on that, what I just don’t get are why you and others can’t come up with an idea of how we can make a better solution than today which benefits all sides, instead of fighting for Status Quo.<br>
> ><br>
> > The status quo is actually really good. We can do our work without viewing people's ACTUAL private data, like their billing info or personal internet traffic from their ISP. And we can do our work without any government coercion to force people to disclose anything. I don't see why there is such a desire to disrupt this balance. It is only downhill from here.<br>
><br>
> Sure I understand free and unlimited access are nice to have…<br>
><br>
> ><br>
> > >>What business is it of ours how a registrant uses a domain name<br>
> ><br>
> > This is the exact same argument used by bullet proof hosters, but the cops never buy it. I'm not saying you are, but I'm saying that this argument has never been regarded as a valid defense when open and rampant abuse is happening among one's customer base.<br>
><br>
><br>
> Not a part of my comment and dont belong here when you reply to my post…<br>
><br>
><br>
> ><br>
> > >>Well Registrars and Registries have contractual obligations on how data shall be handled and I don’t see why anti abuse and others handling those data elements shall be allowed to freely use these data in a non controlled manner were there are no contractual obligations.<br>
> ><br>
> > You do understand that the security industry is more than willing to pay for bulk, unrestricted access to this data, right?<br>
><br>
> Just answer me on this why should they be allowed a non contractual use of the data, and not all Security are white hats which only do good<br>
><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > On Tue, Jun 6, 2017 at 11:59 AM, <a href="mailto:benny@nordreg.se">benny@nordreg.se</a> <<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>> wrote:<br>
> > You state that Public whois are important so people can check if there personal info are used for registration of domains, but can’t the same public data be the source for the data being abused for registrations?<br>
> > --<br>
> > Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br>
> ><br>
> > Benny Samuelsen<br>
> > Registry Manager - Domainexpert<br>
> ><br>
> > Nordreg AB - ICANN accredited registrar<br>
> > IANA-ID: 638<br>
> > Phone: <a href="tel:%2B46.42197000" value="+4642197000">+46.42197000</a><br>
> > Direct: <a href="tel:%2B47.32260201" value="+4732260201">+47.32260201</a><br>
> > Mobile: <a href="tel:%2B47.40410200" value="+4740410200">+47.40410200</a><br>
> ><br>
> > > On 6 Jun 2017, at 17:53, jonathan matkowsky <<a href="mailto:jonathan.matkowsky@riskiq.net">jonathan.matkowsky@riskiq.net</a><wbr>> wrote:<br>
> > ><br>
> > > What do you mean?<br>
> > ><br>
> > > Jonathan Matkowsky<br>
> > ><br>
> > > On Tue, Jun 6, 2017 at 6:39 PM, <a href="mailto:benny@nordreg.se">benny@nordreg.se</a> <<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>> wrote:<br>
> > > And you can by that say with a 100 % certainty that those abused data was not originating from whois it self?<br>
> > ><br>
> > > --<br>
> > > Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br>
> > ><br>
> > > Benny Samuelsen<br>
> > > Registry Manager - Domainexpert<br>
> > ><br>
> > > Nordreg AB - ICANN accredited registrar<br>
> > > IANA-ID: 638<br>
> > > Phone: <a href="tel:%2B46.42197000" value="+4642197000">+46.42197000</a><br>
> > > Direct: <a href="tel:%2B47.32260201" value="+4732260201">+47.32260201</a><br>
> > > Mobile: <a href="tel:%2B47.40410200" value="+4740410200">+47.40410200</a><br>
> > ><br>
> > > > On 6 Jun 2017, at 16:54, jonathan matkowsky <<a href="mailto:jonathan.matkowsky@riskiq.net">jonathan.matkowsky@riskiq.net</a><wbr>> wrote:<br>
> > > ><br>
> > > > Abusive domains are also seriously problematic from a privacy standpoint because apart from fake credentials as Natale mentions below, I can't begin to tell you how many cases I've seen in the last several years where innocent peoples' identities are compromised and then used in the Whois as part of the abuse. Without access to the public Whois, they never would have known their identity had been stolen. Access to Whois for abusive domains actually serves to protect privacy interests.<br>
> > > ><br>
> > > > Jonathan Matkowsky<br>
> > > ><br>
> > > > On Tue, Jun 6, 2017 at 4:58 PM, Natale Maria Bianchi <<a href="mailto:nmb@spamhaus.org">nmb@spamhaus.org</a>> wrote:<br>
> > > > Besides private and business domains, there is also the large category of<br>
> > > > abusive domains - domains registered (or acquired from a previous owner)<br>
> > > > for the only purpose of abusing the Internet. One may perhaps categorize<br>
> > > > them as "business", but it does not make much sense to put them together<br>
> > > > with domains used legitimately, or worry much about privacy issues -<br>
> > > > those are typically registered giving fake credentials, or the<br>
> > > > credentials are hidden from the public through an anonymous registration,<br>
> > > > and no one will every file a privacy complaint about those.<br>
> > > ><br>
> > > > There are operations out there that do this on a massive, industrial scale,<br>
> > > > registering hundreds or thousands of domains per day that are going to be<br>
> > > > used for a very short time, even a few minutes in the most extreme cases<br>
> > > > (hailstorm spammers). In these cases, literally every second after<br>
> > > > registration matters, and whois is therefore a very critical resource for<br>
> > > > abuse researchers. This is why I and others are here.<br>
> > > ><br>
> > > > Due to the automated methods used for these registrations and the<br>
> > > > consequent correlations between them, it is quite common to be able to<br>
> > > > indeed distinguish this category of domains with "sufficient accuracy"<br>
> > > > once whois data have been retrieved.<br>
> > > ><br>
> > > > So please think in terms of three de facto categories rather than two:<br>
> > > ><br>
> > > > * legitimate, private<br>
> > > > * legitimate, business<br>
> > > > * abusive<br>
> > > ><br>
> > > > I am not suggesting that one puts the third category in ICANN<br>
> > > > agreements :) I am merely reminding that looking for abusive domains<br>
> > > > is a very important operational aspect of thin and thick whois, and<br>
> > > > care should be taken not to throw this other baby away with<br>
> > > > the baby water.<br>
> > > ><br>
> > > > Natale Maria Bianchi<br>
> > > > Spamhaus Project<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > On Tue, Jun 06, 2017 at 11:24:10AM +0200, Volker Greimann wrote:<br>
> > > > > If you can differentiate the use that a domain isgoing to be put to<br>
> > > > > at the time of registration with sufficient accuracy, you are due<br>
> > > > > for an an award ;-)<br>
> > > > ><br>
> > > > ><br>
> > > > > Am 02.06.2017 um 22:15 schrieb Dotzero:<br>
> > > > > >The overwhelming majority of domains registered would be<br>
> > > > > >considered for commercial purposes. The fact that a small<br>
> > > > > >percentage of domains are registered by individuals for personal<br>
> > > > > >use should not be the determining factor as to what is appropriate<br>
> > > > > >for ICANN to do. In fact, many of what people assert are personal<br>
> > > > > >domains have advertising on them and would therefor be considered<br>
> > > > > >by almost any jurisdiction to be engaged in a commercial activity.<br>
> > > > > >This includes many (most?) parked domains.<br>
> > > > > [...]<br>
> > > ><br>
> > > > ______________________________<wbr>_________________<br>
> > > > gnso-rds-pdp-wg mailing list<br>
> > > > <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
> > > ><br>
> > > > ______________________________<wbr>_________________<br>
> > > > gnso-rds-pdp-wg mailing list<br>
> > > > <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
> > > > <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
> > ><br>
> > ><br>
> ><br>
> > ______________________________<wbr>_________________<br>
> > gnso-rds-pdp-wg mailing list<br>
> > <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
> > <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > ______________________________<wbr>___<br>
> > Note to self: Pillage BEFORE burning.<br>
><br>
><br>
><br>
><br>
> --<br>
> ______________________________<wbr>___<br>
> Note to self: Pillage BEFORE burning.<br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>