<div dir="auto">>> The problem that nobody has any idea who is collecting this data, and<br>that some of it is personal data.<div dir="auto"><br></div><div dir="auto">But without verification of identity, the data is still no good. If this is something that is really needed, those operating whois servers can expose their access logs and some analysis can be done on the ip addresses making the queries and what they are querying for. Maybe that should be done before an entire system of questionable value is built.</div><div dir="auto"><br></div><div dir="auto">>> But then, of course, we can have meaningful discussions about what kinds of clients are querying and at what volumes. One thing I'm finding pretty frustrating about all this discussion is that we're having most of it in the complete absence of any data.</div><div dir="auto"><br>I think everyone is in agreement that some percentage of whois queries are abusive and only for the purpose of sending spam, and the vast majority of all queries are going to be aggregators. So i dont know what specific questions need to be answered that arent already.<br><br><br><br>>> The legal memo we received made me believe that some sort of accounting of who gets the data under what conditions would be a necessary but not sufficient condition for publication of certain kinds of data.<br></div><div dir="auto"><br></div><div dir="auto">I really doubt the gdpr is a blanket ban on all public publishing of all data. Unless the "gate" positively identifies all queriers without possibility of falsification of data in their own, thats going to be worse than a "this is publicly released, cope with it or dont disclose" type of notification to end users.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">>> I believe the history of "we need more user education" to solve problems on the Internet suggests that it is not a great plan.</div><div dir="auto"><br></div><div dir="auto">Purchasing ICANN gtld domains is a rather specific, nonessential, and advanced usage of the internet that most people will not do. If they aren't capable of comprehending basic privacy concepts, maybe we should seriously talk about discouraging them from buying domains.</div><div dir="auto"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Oct 3, 2017 8:14 PM, "Andrew Sullivan" <<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, Oct 03, 2017 at 07:53:55PM -0400, allison nixon wrote:<br>
> What problem would this be intended to solve?<br>
<br>
The problem that nobody has any idea who is collecting this data, and<br>
that some of it is personal data.<br>
<br>
> Researchers wont be caught out by it because by and large we use<br>
> aggregators, and the whois audit logs will summarily be full of "i am whois<br>
> aggregator X and my purpose is to aggregate whois" and they will have the<br>
> full support of the community, as they fulfill critical parts of the anti<br>
> abuse purpose.<br>
<br>
But then, of course, we can have meaningful discussions about what<br>
kinds of clients are querying and at what volumes. One thing I'm<br>
finding pretty frustrating about all this discussion is that we're<br>
having most of it in the complete absence of any data.<br>
<br>
The legal memo we received made me believe that some sort of<br>
accounting of who gets the data under what conditions would be a<br>
necessary but not sufficient condition for publication of certain<br>
kinds of data.<br>
<br>
> This is part of the personal responsibility they need to take when they<br>
> venture out into the internet, which they should learn sooner rather than<br>
> later that it will not guarantee their safety.<br>
<br>
I believe the history of "we need more user education" to solve<br>
problems on the Internet suggests that it is not a great plan.<br>
<br>
A<br>
<br>
--<br>
Andrew Sullivan<br>
<a href="mailto:ajs@anvilwalrusden.com">ajs@anvilwalrusden.com</a><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote></div></div>