[gnso-rds-pdp-wg] Dangers of public whois
allison nixon
elsakoo at gmail.com
Thu Feb 9 17:26:34 UTC 2017
After registering my very first domain, I started receiving spam and
learned pretty quickly that the information was public.
Only so much can/should be done to protect the Spicers of this world from
themselves.
Pivoting off domain whois is my #1 valued resource in cybercrime
investigations.
On Thu, Feb 9, 2017 at 12:16 PM, benny at nordreg.se <benny at nordreg.se> wrote:
> Dnsservers, domainstatus, various dates, Registrar
>
> None of these data are personal data imo
>
> The only info you see in Whois are the contact ID the user have at the
> registrar/ registry
>
>
>
> Sent from my iPhone
>
> On 9 Feb 2017, at 18:10, nathalie coupet <nathaliecoupet at yahoo.com> wrote:
>
> Benny,
>
> All personal info on personal domains are hidden by default. What are the
> info that remain available for public view - after personal information
> have been hidden by default - which still enable technical operability?
>
>
> Nathalie
>
>
> On Thursday, February 9, 2017 11:46 AM, "benny at nordreg.se" <
> benny at nordreg.se> wrote:
>
>
> Maybe not but there are nothing who prevent us from trying to protect
> people from there mistakes and stupidity and still be able to have certain
> level of technical operability with whois data.
>
> A good example are .se which have a whois policy where all personal info
> on personal domains are hidden by default. The registrant need to opt out
> of the privacy actively by making a decision. That might be the way we
> should think instead of what to do to hide data.
>
>
>
>
>
> --
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>
>
> Benny Samuelsen
> Registry Manager - Domainexpert
>
> Nordreg AB - ICANN accredited registrar
> IANA-ID: 638
>
> Phone: +46.42197080 <+46%2042%2019%2070%2080>
> Direct: +47.32260201 <+47%2032%2026%2002%2001>
> Mobile: +47.40410200 <+47%20404%2010%20200>
>
> On 09/02/2017, 17:38, "gnso-rds-pdp-wg-bounces at icann.org on behalf of
> Greg Aaron" <gnso-rds-pdp-wg-bounces at icann.org on behalf of gca at icginc.com>
> wrote:
>
> Is ICANN (or anyone else) responsible for protecting Spicer from
> himself? A lot of the articles about this subject point out that Spicer
> was neglectful and occasionally incompetent.
>
> Here are some facts to consider:
> * Privacy protection was available and Spicer didn’t obtain it. That
> was his choice.
> * Spicer agreed to have his data published in WHOIS. So that was
> either OK with him, or he didn't read the terms of service in his domain
> registration agreement. Either way, it was his choice.
> * Spicer tweeted out his own Twitter password. He's responsible for
> that.
> * Spicer himself published his email address in many, many public
> places over the years. A simple Google search will tell you what his email
> address was.
> * Those data breaches that Volker mentions have nothing to do with
> domain registration data. They did not reveal domain registration data.
> Domain registration data didn't allow hackers to penetrate Dropbox,
> LinkedIn, and MySpace, and the other places where Spicer's credentials were
> lost over the years. Bad corporate security allowed those breaches to
> happen.
> * Spicer has a very different risk profile than the average person.
> He's been a prominent PR and political operative for many years (and is now
> working for the most scrutinized entity in the world). A key tenet of risk
> assessment is that exceptional cases may not justify making rules that
> affect everyone.
>
> All best,
> --Greg
>
>
>
>
> -----Original Message-----
> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] On Behalf Of Volker Greimann
> Sent: Thursday, February 9, 2017 4:28 AM
> To: gnso-rds-pdp-wg at icann.org
> Subject: [gnso-rds-pdp-wg] Dangers of public whois
>
> As we tend to get lost in the thick and nitty gritty from time to
> time, this recent article should remind us what we are working for:
>
> mashable.com/2017/02/07/sean-spicer-who-is
>
> also here:
> http://domainnamewire.com/2017/02/08/sean-spicer-brings-
> attention-whois-privacy/
>
> While it could not have hit a nicer guy, he completely and accurately
> followed policy and look where it lead. Hi private address and telephone
> number as well as email address known to the world, other domains he
> registered for himself and his family published, etc. As his email address
> was compromised in no less than three leaks (plus one honorable mention on
> Wikileaks), and he recently tweeted his password, it may even be possible
> to dig deeper.
>
> I hope this helps remind folks that getting private data out of the
> public view is a good thing.
>
> --
>
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com
> / www.BrandShelter.com
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.:
> DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den
> angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe,
> Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist
> unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten
> wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to
> contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com
> / www.BrandShelter.com
>
> Follow us on Twitter or join our fan community on Facebook and stay
> updated:
> www.facebook.com/KeySystems
> www.twitter.com/key_systems
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu
>
> This e-mail and its attachments is intended only for the person to
> whom it is addressed. Furthermore it is not permitted to publish any
> content of this email. You must not use, disclose, copy, print or rely on
> this e-mail. If an addressing or transmission error has misdirected this
> e-mail, kindly notify the author by replying to this e-mail or contacting
> us by telephone.
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
--
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170209/e9a2aa4f/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list