<div dir="ltr">Jeremy, here is a quote from your report on the EFF webpage:<div><br></div><div><br></div><div>>>We observed 16 separate top level domains used in this campaign. Using historical whois data from Passive Total, we were able to discover that some of the domains had been registered with the email address amandalovers@mail[.]com. Several other domains, apparently not used in this campaign, were also registered by amandalovers@mail[.]com1, many of which followed a similar naming pattern to domains used for this campaign. Some of the domains had previously shared servers with domains used in these attacks, increasing our confidence that all of these domains are owned by the same actor. We also discovered a group of domains which were located on what appears to be a dedicated server with transferdomain[.]my, one of the domains used by the attackers.<br></div><div><br></div><div><br></div><div>Shutting down WHOIS would have made this paragraph, and any subsequent facts found due to these findings in your own report, impossible.</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 3, 2017 at 5:28 PM, Jeremy Malcolm <span dir="ltr"><<a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 3/10/17 2:15 pm, allison nixon wrote:<br>
> Whether or not the EFF agrees with the work of anti-abuse<br>
> professionals may be a point of debate (or may not, I don't know if<br>
> your org even likes the idea of anti-abuse or not), but if the EFF<br>
> believes this information has no utility for our purposes then that is<br>
> completely factually incorrect.<br>
<br>
</span>Sure we like the idea, actually we ourselves also do this sort of work;<br>
see our current front page feature at <a href="http://eff.org" rel="noreferrer" target="_blank">eff.org</a> headed "Phish for the<br>
Future", which (yes) includes some information gained through WHOIS. So<br>
we are not totally misinformed about this issue as your reply seems to<br>
assume. We just don't think that there should be any additional<br>
personal information about registrants made available through the RDS,<br>
even if it is limited to security researchers or anti-abuse specialists.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Jeremy Malcolm<br>
Senior Global Policy Analyst<br>
Electronic Frontier Foundation<br>
<a href="https://eff.org" rel="noreferrer" target="_blank">https://eff.org</a><br>
<a href="mailto:jmalcolm@eff.org">jmalcolm@eff.org</a><br>
<br>
Tel: <a href="tel:415.436.9333%20ext%20161" value="+14154369333">415.436.9333 ext 161</a><br>
<br>
:: Defending Your Rights in the Digital World ::<br>
<br>
Public key: <a href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt" rel="noreferrer" target="_blank">https://www.eff.org/files/<wbr>2016/11/27/key_jmalcolm.txt</a><br>
PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122<br>
<br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>