<div dir="ltr">Theo - this comment is off target on many levels and takes us well outside of Whois. The #1 abuse-driving issue is cheap domains, due to pricing schemes and business models of registrars and registries. Bad actors target COM bc it's popular and well-known. Lots of tools we need to fight abuse, Whois is but one. But a powerful one.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 13, 2018 at 9:56 AM, Theo Geurts <span dir="ltr"><<a href="mailto:gtheo@xs4all.nl" target="_blank">gtheo@xs4all.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>John, <br>
</p>
<p>I think some of us are still mystified that there are no "huge"
issues in 147 million ccTLDs while there seems to be "huge" issues
with 181 million gTLDs ,25% of them using privacy proxy services.
<br>
</p>
<p>Personally I am more mystified why we keep on relying on WHOIS to
combat such issues while the abuse rate goes up in the gTLD space
each year. Perhaps time to come up with something better? It looks
like we rather patch up the boat sinking deeper down each year, as
opposed to create a new sea worthy vessel. <br>
</p>
<p>Theo <br>
</p>
<p><br>
</p>
<br>
<div class="m_1474105995103284821moz-cite-prefix">On 13-2-2018 18:43, John Horton via
gnso-rds-pdp-wg wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">I
am mystified as to why some people in this group don't
recognize that while (that's US for "whilst," for my European
friends!) legitimate business may do that -- and indeed, may
be required to in Ireland and Japan and a few other countries,
a) there is no requirement in other locations to do so, and b)
the bad actors either don't publish it or put falsified
information on their website...but the Whois record, whether
accurate or falsified (and sometimes even with privacy
protection) is helpful in anti-money laundering, consumer
protection, certification, anti abuse and trust and safety.
Let's all acknowledge that we live in a world where there are
many, many legitimate e-commerce businesses but many illicit
ones as well! Our solutions have to accommodate for all of the
above. </div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_1474105995103284821gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><font face="arial,
helvetica, sans-serif" color="#073763">John Horton<br>
President and CEO, LegitScript</font>
<div><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" height="36" width="96"><br>
<div>
<p style="margin:0.0px 0.0px 0.0px 0.0px;font:12.0px Helvetica"><br>
</p>
<p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><font color="#444444">Follow</font><font color="#0b5394"> </font><font color="#000000">Legit</font><font color="#0b5394">Script</font></b>: <a href="http://www.linkedin.com/company/legitscript-com" style="color:rgb(17,85,204)" target="_blank"><font color="#cc0000">LinkedIn</font></a>
| <a href="https://www.facebook.com/LegitScript" style="color:rgb(17,85,204)" target="_blank"><font color="#6aa84f">Facebook</font></a>
| <a href="https://twitter.com/legitscript" style="color:rgb(17,85,204)" target="_blank"><font color="#674ea7">Twitter</font></a>
| <font color="#ff9900"><u><a href="http://blog.legitscript.com/" style="color:rgb(17,85,204)" target="_blank">Blog</a></u></font> |<font color="#ff9900"> <a href="http://go.legitscript.com/Subscription-Management.html" style="color:rgb(17,85,204)" target="_blank"><font color="#ff9900">Newsletter</font></a></font><br>
</p>
<p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font color="#ff9900"><br>
</font></p>
<p style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font color="#ff9900"><img src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" height="96" width="46"><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" height="96" width="47"><br>
</font></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Tue, Feb 13, 2018 at 9:33 AM, Volker
Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>John, if businesses want to publish their information,
they should do it on their website, as they are legally
required to (at least over here). No need for whois for
that. So that purpose is out the window already.</p>
<span class="m_1474105995103284821HOEnZb"><font color="#888888">
<p>Volker<br>
</p>
</font></span>
<div>
<div class="m_1474105995103284821h5"> <br>
<div class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">Am
13.02.2018 um 18:07 schrieb John Bambenek via
gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>No it doesn't because there are large incentives
for institution and individuals to continue to
publish information. Businesses, for instance,
WANT to be contacted. If you want mail delivered,
certain best practices are imposed.</p>
<p>If consent is not the solution, YOU are deciding
what the rest of the world can and cannot do with
their data. Who exactly made ICANN the arbiter of
what I can do with my data? <br>
</p>
<br>
<div class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">On
2/13/2018 11:04 AM, Volker Greimann wrote:<br>
</div>
<blockquote type="cite">
<p>I am not sure you want that, because that means
completely dark whois. <br>
</p>
<p>I'd prefer an approach where we do not need to
rely on consent (but can still offer it as an
option). The hard bit is finding the right
principles of who gets access to what and how
even when there is no consent. <br>
</p>
<p>Consent is not the solution.<br>
</p>
<br>
<div class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">Am
13.02.2018 um 18:00 schrieb John Bambenek via
gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>Ok, so you agree with my in principle and
we're just haggling over the details now. Flip
a coin for all I care, opt-in/opt-out and move
forward.</p>
<p>So let's do that. When can we implement?<br>
</p>
<br>
<div class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">On
2/13/2018 10:58 AM, Volker Greimann wrote:<br>
</div>
<blockquote type="cite">
<p>You are still looking at the wrong end of
the horse. Privacy is not the choice, it is
the default. Divulging data is the choice.<br>
</p>
<br>
<div class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">Am
13.02.2018 um 17:57 schrieb John Bambenek
via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite">
<p>Exactly right. As far as I'm concerned if
we made privacy a free choice, make the
fields optional for all I care, and
whatever they do make is public... we have
solved this problem.</p>
<p>People who ACTUALLY protect society
against privacy threats have the data to
do their jobs, consumers who want privacy
have a free option for it, and registrars
can be in compliance with the law.<br>
</p>
<br>
<div class="m_1474105995103284821m_7852888369965585211moz-cite-prefix">On
2/13/2018 10:54 AM, DANIEL NANGHAKA wrote:<br>
</div>
<blockquote type="cite">This is just an
example but there is a lot of damage that
can be caused with data being exposed. In
our case we have phone numbers, addresses,
emails which is required to verification.
<div><br>
</div>
<div>This takes us to issue of consent.<br>
<br>
On Tuesday, February 13, 2018, John
Bambenek via gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're
talking about phone numbers and
email addresses. The threat model
is RADICALLY different with the
data we are talking about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM,
Stephanie Perrin wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that
noone has responded to my last
post, I offer the following
update to the Equifax breach to
further illustrate my point. As
many companies have found out,
you don't find out what you've
got till it's gone.....a further
reason for data minimization and
short retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0" height="107" width="787" border="0">
<tbody>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/" target="_blank">http://www.theregister.co.uk/2<wbr>018/02/13/equifax_security_bre<wbr>ach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than
previously thought: Biz
kissed goodbye to card
expiry dates, tax IDs etc</b><br>
Pwned credit-score biz
quietly admits more info
lost<br>
By Iain Thomson in San
Francisco 13 Feb 2018 at
02:13<br>
<br>
Last year, Equifax admitted
<br>
<a href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/" target="_blank">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_equif<wbr>ax_customers_exposed/</a><br>
hackers stole sensitive
personal records on 145
million Americans and
hundreds of thousands in the
UK <br>
<a href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/" target="_blank">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said
cyber-crooks "primarily"
took names, social security
numbers, birth dates, home
addresses, credit-score
dispute forms, and, in some
instances, credit card
numbers and driver license
numbers. Now the
credit-checking giant
reckons the intruders
snatched even more
information from its
databases.<br>
<br>
According to documents
provided by Equifax to the
US Senate Banking Committee,
<br>
and <u>revealed this month
by Senator Elizabeth
Warren (D-MA)</u>, <br>
<a href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc" target="_blank">https://apnews.com/2a51e3e5f9a<wbr>945978df4ad96246b8ecc</a><br>
the attackers also grabbed
taxpayer identification
numbers, phone numbers,
email addresses, and credit
card expiry dates belonging
to some Equifax customers.<br>
<br>
Like social security
numbers, taxpayer ID numbers
are useful for fraudsters
seeking to steal people's
identities or their tax
rebates, and the expiry
dates are similarly useful
for online crooks when
linked with credit card
numbers and other personal
information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues
to issue incomplete,
confusing and contradictory
statements and hide
information from Congress
and the public, it is clear
that five months after the
breach was publicly
announced, Equifax has yet
to answer this simple
question in full: what was
the precise extent of the
breach?" Warren fumed in a
missive late last week.<br>
<a href="https://www.warren.senate.gov/?p=press_release&id=2317" target="_blank">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith
Griffanti stressed to The
Register today that the
extra information snatched
by hackers, as revealed by
Senator Warren, belonged to
"some" Equifax customers. In
other words, not everyone
had their phone numbers,
email addresses, and so on,
slurped by crooks just some.
How much is some? Equifax
isn't saying, hence Warren's
(and everyone else's)
growing frustration.<br>
<br>
The senator is a cosponsor
of the <u>proposed Data
Breach Prevention and
Compensation Act, </u><br>
<a href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/" target="_blank">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_ag<wbr>encies_fines/</a><br>
which, if passed, would
impose computer security
regulations on credit
reporting agencies, with
mandatory fines that would
have led to Equifax coughing
up $1.5bn for its IT
blunder.<br>
<br>
Some regulation or
punishment is obviously
needed.<br>
<br>
No senior Equifax executives
were fired over the attack
instead the CEO, CSO and CIO
were all allowed to retire
with multi-million dollar
golden parachutes. The US
government's Consumer
Financial Protection Bureau
promised a full
investigation into the
Equifax affair, and then
gave up. On February 7, an
open letter [PDF] <br>
<a href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf" target="_blank">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%2<wbr>0Letter%202-7-18.pdf</a><br>
from 32 senators to the
bureau asked why the probe
was dropped, and the gang
has yet to receive a
response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote>
</div>
<br>
<br>
-- <br>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div> <br>
Regards <br>
Nanghaka Daniel K.<br>
<span style="font-size:small">Executive
Director -
ILICIT Africa /
Chair - FOSSFA /
Community Lead -
ISOC Uganda
Chapter /
Geo4Africa Lead
/ Organising
Team -
FOSS4G2018</span><br>
Mobile <a href="tel:+256%20772%20898298" value="+256772898298" target="_blank">+256 772
898298</a>
(Uganda)<br>
</div>
<div>Skype:
daniel.nanghaka<br>
</div>
<div><br>
</div>
<div>------------------------------<wbr>-----------
<i><span>"Working
for Africa" </span></i>------------------------------<wbr>-----------<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</blockquote>
<br>
<pre class="m_1474105995103284821m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="m_1474105995103284821m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<br>
<fieldset class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="m_1474105995103284821m_7852888369965585211moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="m_1474105995103284821m_7852888369965585211mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821m_7852888369965585211moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="m_1474105995103284821mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1474105995103284821moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1474105995103284821moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>