<div dir="ltr">If registrars and web hosts really were by-and-large dedicated to "solving this problem" as is claimed, people like Neil and I wouldn't have jobs.<div><br></div><div>If a small-to-medium-sized registrar or hosting provider believes the abuse landscape is something radically different than what the security community believes, that does not establish the small-to-medium-sized registrar as an authority above a community that actually is dedicated to solving the problem, and who has produced a large amount of evidence that clearly contradicts the idea that WHOIS causes more abuse than it solves. As far as I know the registrars arguing that WHOIS causes more abuse than it solves are their lawyers and policy people, not actually people who work at their abuse desk. I'm willing to be wrong on this but I don't see a lot of anti-abuse experience in those arguments, as I also work with people that work abuse desks at registrars and hosting providers and they wouldn't say that. So the credibility in this argument, and the attempt to establish authority to promote the argument, is lacking.</div><div><br></div><div>I would also like to point out that there are a number of registrars and hosting providers(not picking on anyone here, this is an industry-wide issue) that are not interested in "solving this problem", and instead "make this problem worse". When I talk to anti-abuse people that work at registrars and hosting providers about what irritates them, "the existence of WHOIS" has never ever come up, but lack of budget comes up very often. Lack of resources to handle abuse, and and a perception in some workplaces that abusive customers are tolerated in exchange for money. </div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 3, 2017 at 8:50 PM, Rob Golding <span dir="ltr"><<a href="mailto:rob.golding@astutium.com" target="_blank">rob.golding@astutium.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
And yet we are told by<br>
those who do NOT work in this field and do NOT contribute to solving<br>
this problem, that we don't need this information.<br>
</blockquote>
<br></span>
A number of those contributing to the discussion are registrars and web-hosts, who deal every day with abuse issues, so very much are the people who deal with "solving this problem" (and are also those telling you that WHOIS data contributes to abuse against real-people rather than abstracts)<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
As far as I can tell, only the anti-abuse people have even proposed a<br>
compromise... whois privacy for free.<br>
</blockquote>
<br></span>
Some registrars have offered this for years, although now ICANN thinks it should control/set policy/tax that kind of service it may not remain 'free' for long, and certainly isn't free to the registrar to provide (and still leaves the GDPR issue over escrow outstanding)<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
Rob</font></span><div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>