[gnso-rds-pdp-wg] Dangers of public whois

benny at nordreg.se benny at nordreg.se
Thu Feb 9 17:35:30 UTC 2017 

Then there are no reason to not hide the personal info if it is that easy

Why are we putting all the people at the spammers list because a small part of registrant are criminals?



Sent from my iPhone

On 9 Feb 2017, at 18:27, allison nixon <elsakoo at gmail.com<mailto:elsakoo at gmail.com>> wrote:

Unless the person takes careful measures to keep their fake identity/domain separate, and never mention the domain from their real names, domain whois won't even be necessary to find out who they are. Public records and social media are another resource for accomplishing this task. Tracking the average person down is not hard, because they usually don't put any effort into hiding.

On Thu, Feb 9, 2017 at 12:25 PM, nathalie coupet via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>> wrote:
If someone or a group of people were to be the subject of a smear campaign, persectution or harassment by an individual, would the contact ID be sufficient to initiate  proceeding to find out the identity of the author?
What is the procedure for collecting a contact ID? Is there some type of ID verification?

Thank you,
Nathalie


On Thursday, February 9, 2017 12:18 PM, "benny at nordreg.se<mailto:benny at nordreg.se>" <benny at nordreg.se<mailto:benny at nordreg.se>> wrote:


Dnsservers, domainstatus, various dates, Registrar

None of these data are personal data imo

The only info you see in Whois are the contact ID the user have at the registrar/ registry



Sent from my iPhone

On 9 Feb 2017, at 18:10, nathalie coupet <nathaliecoupet at yahoo.com<mailto:nathaliecoupet at yahoo.com>> wrote:

Benny,

All personal info on personal domains are hidden by default. What are the info that remain available for public view - after personal information have been hidden by default - which still enable technical operability?


Nathalie


On Thursday, February 9, 2017 11:46 AM, "benny at nordreg.se<mailto:benny at nordreg.se>" <benny at nordreg.se<mailto:benny at nordreg.se>> wrote:


Maybe not but there are nothing who prevent us from trying to protect people from there mistakes and stupidity and still be able to have certain level of technical operability with whois data.

A good example are .se which have a whois policy where all personal info on personal domains are hidden by default. The registrant need to opt out of the privacy actively by making a decision. That might be the way we should think instead of what to do to hide data.





--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen


Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638

Phone: +46.42197080<tel:+46%2042%2019%2070%2080>
Direct: +47.32260201<tel:+47%2032%2026%2002%2001>
Mobile: +47.40410200<tel:+47%20404%2010%20200>

On 09/02/2017, 17:38, "gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> on behalf of Greg Aaron" <gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> on behalf of gca at icginc.com<mailto:gca at icginc.com>> wrote:

    Is ICANN (or anyone else) responsible for protecting Spicer from himself?  A lot of the articles about this subject point out that Spicer was neglectful and occasionally incompetent.

    Here are some facts to consider:
    * Privacy protection was available and Spicer didn’t obtain it.  That was his choice.
    * Spicer agreed to have his data published in WHOIS.  So that was either OK with him, or he didn't read the terms of service in his domain registration agreement.  Either way, it was his choice.
    * Spicer tweeted out his own Twitter password.  He's responsible for that.
    * Spicer himself published his email address in many, many public places over the years.  A simple Google search will tell you what his email address was.
    * Those data breaches that Volker mentions have nothing to do with domain registration data.  They did not reveal domain registration data.  Domain registration data didn't allow hackers to penetrate Dropbox, LinkedIn, and MySpace, and the other places where Spicer's credentials were lost over the years.  Bad corporate security allowed those breaches to happen.
    * Spicer has a very different risk profile than the average person.  He's been a prominent PR and political operative for many years (and is now working for the most scrutinized entity in the world).  A key tenet of risk assessment is that exceptional cases may not justify making rules that affect everyone.

    All best,
    --Greg




    -----Original Message-----
    From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>] On Behalf Of Volker Greimann
    Sent: Thursday, February 9, 2017 4:28 AM
    To: gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
    Subject: [gnso-rds-pdp-wg] Dangers of public whois

    As we tend to get lost in the thick and nitty gritty from time to time, this recent article should remind us what we are working for:

    mashable.com/2017/02/07/sean-spicer-who-is<http://mashable.com/2017/02/07/sean-spicer-who-is>

    also here:
    http://domainnamewire.com/2017/02/08/sean-spicer-brings-attention-whois-privacy/

    While it could not have hit a nicer guy, he completely and accurately followed policy and look where it lead. Hi private address and telephone number as well as email address known to the world, other domains he registered for himself and his family published, etc. As his email address was compromised in no less than three leaks (plus one honorable mention on Wikileaks), and he recently tweeted his password, it may even be possible to dig deeper.

    I hope this helps remind folks that getting private data out of the public view is a good thing.

    --

    Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

    Mit freundlichen Grüßen,

    Volker A. Greimann
    - Rechtsabteilung -

    Key-Systems GmbH
    Im Oberen Werk 1
    66386 St. Ingbert
    Tel.: +49 (0) 6894 - 9396 901<tel:+49%206894%209396901>
    Fax.: +49 (0) 6894 - 9396 851<tel:+49%206894%209396851>
    Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>

    Web: www.key-systems.net<http://www.key-systems.net/> / www.RRPproxy.net<http://www.rrpproxy.net/> www.domaindiscount24.com<http://www.domaindiscount24.com/> / www.BrandShelter.com<http://www.brandshelter.com/>

    Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
    www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
    www.twitter.com/key_systems<http://www.twitter.com/key_systems>

    Geschäftsführer: Alexander Siffrin
    Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

    Member of the KEYDRIVE GROUP
    www.keydrive.lu<http://www.keydrive.lu/>

    Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

    --------------------------------------------

    Should you have any further questions, please do not hesitate to contact us.

    Best regards,

    Volker A. Greimann
    - legal department -

    Key-Systems GmbH
    Im Oberen Werk 1
    66386 St. Ingbert
    Tel.: +49 (0) 6894 - 9396 901<tel:+49%206894%209396901>
    Fax.: +49 (0) 6894 - 9396 851<tel:+49%206894%209396851>
    Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>

    Web: www.key-systems.net<http://www.key-systems.net/> / www.RRPproxy.net<http://www.rrpproxy.net/> www.domaindiscount24.com<http://www.domaindiscount24.com/> / www.BrandShelter.com<http://www.brandshelter.com/>

    Follow us on Twitter or join our fan community on Facebook and stay updated:
    www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
    www.twitter.com/key_systems<http://www.twitter.com/key_systems>

    CEO: Alexander Siffrin
    Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

    Member of the KEYDRIVE GROUP
    www.keydrive.lu<http://www.keydrive.lu/>

    This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.



    _______________________________________________
    gnso-rds-pdp-wg mailing list
    gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
    https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

    _______________________________________________
    gnso-rds-pdp-wg mailing list
    gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
    https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg





_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg



--
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170209/ad83a7cf/attachment.html>

More information about the gnso-rds-pdp-wg mailing list