[Gnso-epdp-team] Data enrichment companies

Mon Dec 9 08:46:10 UTC 2019

I don't want to disagree with someone from my own stakeholder group, but I don't understand how this is a "quick solution to the SSAD problem"? These services contain names, emails, and LinkedIn URLs - I don't see how these are substitutes for the data elements in Whois. And how are you even meant to know who to search for in one of these third-party services, absent the name of a registrant? These third-party services that pull in random data sets should be reigned in, not what we recommend others turn to locate/trace a registrant.

Ayden Férdeline

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, December 9, 2019 3:44 AM, Mueller, Milton L <milton at gatech.edu> wrote:

> I am wondering how many of the people involved in EPDP are familiar with data enrichment companies such as People Data Labs.
> If you're not you may be amazed at how vast is the number of people encompassed in their records, and how many data points are aggregated in them. As we battle mightily over how much disclosure of measly Whois records we will allow and under what circumstances, it might be useful to take a look at this article, https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
>
> There you will see a storehouse of names, email addresses, phone numbers, social media profile information and physical addresses for 1.2 billion people, all available for subscribers to this service and - in this bizarre case - all of it exposed to anyone with the right IP address due to a configuration error of an Elasticsearch server.
>
>  Based on my exposure to these data enrichment services, I think we may have found a quick solution to the SSAD problem. One could conclude that we don't need one at all, because any serious requestor can get a ton of data about virtually anyone on the internet - automatically, instantly - by using one of these services.
>
> https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/	[1.2 billion people exposed in data leak includes personal info, LinkedIN, Facebook](https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/)
> On October 16, 2019 Bob Diachenko and Vinny Troia discovered a wide-open Elasticsearch server containing an unprecedented 4 billion user accounts spanning more than 4 terabytes of data.. A total count of unique people across all data sets reached more than 1.2 billion people, making this one of the largest data leaks from a single source organization in history.
> www.dataviper.io
> I'll leave you all with that thought. See you Tuesday.
>
> Dr Milton L Mueller, Professor
>
> School of Public Policy
>
> Georgia Institute of Technology
>
> [Internet Governance Project](https://internetgovernance.org)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20191209/84e3be0a/attachment.html>