<div dir="auto">Industry trust groups share far more sensitive data and have a far better vetting process than any "accreditation scheme" that would ever be run by icann. It's also run by people that care about more than simply maximizing profits and minimizing costs. Its impossible to create that via legislation alone and especially impossible to create it within the same ICANN who still accredits Alpnames even to this day.<div dir="auto"><br></div><div dir="auto">While the denials come fast and furious, it is worth noting the logical inconsistancies that have cropped up. </div><div dir="auto"><br></div><div dir="auto">-registrars complain about spam, but they so far haven't named a single criminal gang that spams. But they harp over and over about domaintools, who do not contribute to spam.</div><div dir="auto">-there are also the ridiculous arguments that the creation dates etc in whois can possibly be abused, no evidence is provided.</div><div dir="auto">-there are also the "legal" arguments where people are saying making any data public is illegal now, but if this is true, can we look forward to a total social media shutdown too? No one can reconcile that simple logical inconsistency.</div><div dir="auto">-apparently those meetings with the much-adored privacy commisioner did not include any voices from those who worked in security. </div><div dir="auto">-we also have registrars attempting to "mansplain" spam and abuse to people who work IN antispam and antiabuse</div><div dir="auto">-we have people complain about lack of privacy in whois when it's already been proven that private people have many options to choose from<br><div dir="auto"><br></div><div dir="auto">So these logical inconsistencies raise serious questions. Personally, i am not so quick to accuse people of criminal motivations. After all, i did check the numbers to see if any of the registrars participating here have a disproportionate number of abusive customers. Thanks to the existence of public whois, i did not observe anything indicating that.</div><div dir="auto"><br></div><div dir="auto">Still, the logical inconsistencies raise many questions. Personally, my theory is that the registrars dont want to spend money on running whois servers. And they are bitter that aggregators make money from it when they don't. That type of argument is logically consistent and is something i can actually work with. </div><div dir="auto"><br></div><div dir="auto">If that's the real motivation, we could drop the privacy charade and talk brass tacks here. A good number of people in this group work at companies that pay good money for good access to whois in bulk- not private data, just unfettered bulk access with none of the proxy server games.</div><div dir="auto"><br></div><div dir="auto">I know youall are here to represent your company's interests, and this is a serious fact worth considering. I know that some similar monetization schemes already, and if you dont see the opportunity then your registrar is probably missing out. The registrars that do this not only make extra money, but the data is used to do anti-abuse work for them for free so they can keep their customer base clean without hiring anyone extra. </div><div dir="auto"><br></div><div dir="auto">Also, within the context of commercial contracts, you gain actual leverage and the ability to do due-dilligence on who you are dealing with. Which is basically what you were asking for benny.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div></div><br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">On Jun 8, 2017 4:56 AM, "Stephanie Perrin" <<a href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Calling me naive, ill
informed etc. does not actually answer the question folks.
It is, I am afraid, a valid question. What criteria does an
organization like APWG apply, when it admits members and
shares data with them? How do you ensure you are not sharing
data with organizations who are going to misuse it? that data
of course is much more that what we are talking about with
thin data, but I did actually work on this issue on successive
versions of the anti-spam legislation. Oddly enough,
government lawyers examining the issue (mostly from the
competition bureau who deal with criminal matters) never
labelled me "naive".</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Folks, can we please
try to be polite to one another on this list? When I have questions
like this, I often check with experts before I ask. They
don't call me naive, they answer my questions.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Thanks again.</font></font></p><font color="#888888">
<p><font size="+1"><font face="Lucida Grande">Stephanie</font></font><br>
</p></font><div class="elided-text">
<br>
<div class="m_6811967983391159068moz-cite-prefix">On 2017-06-08 01:54, Neil Schwartzman
wrote:<br>
</div>
</div><blockquote type="cite"><div class="elided-text">
My experience differs slightly. They aren’t ignored. The presence
of these .TLDs is a strong indicator of abuse which bears further
investigation.
<div><br>
</div>
<div>
<div>To the point at hand: I believe the notion of
certifying private cybercrime investigators to be painfully
naive (do I ignore reports from someone without a Internet
Investigator License? Do we disallow them access to data?),
impractical in the developed world, and deeply chauvinistic,
patronizing and exclusionary to our colleagues in emerging
nations where capacity building is exactly what’s needed to
deal with next-gen abuse.</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>
<blockquote type="cite">
<div>On Jun 8, 2017, at 2:36 AM, allison nixon
<<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>>
wrote:</div>
<br class="m_6811967983391159068Apple-interchange-newline">
<div><span style="font-family:Helvetica;font-size:12.800000190734863px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">We're getting there. Entire top level domains
are already ignored on many networks like .science,
.xyz, .pw, .top, .club, et cetera</span></div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="m_6811967983391159068mimeAttachmentHeader"></fieldset>
<br>
</div><div class="quoted-text"><pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_6811967983391159068moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_6811967983391159068moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</div></blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div></div>