[gnso-rds-pdp-wg] Dangers of public whois

Gomes, Chuck cgomes at verisign.com
Mon Feb 20 15:16:10 UTC 2017 

Well said Sam.



Chuck



From: Sam Lanfranco [mailto:sam at lanfranco.net]
Sent: Monday, February 20, 2017 10:14 AM
To: Gomes, Chuck <cgomes at verisign.com>; chris at netearth.net; michele at blacknight.com
Cc: gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois



Chuck, Just a quick follow up. The "education" call here goes well beyond ICANN's mission, its scope of remit, or our rds-pdp-wg charter. It needs to be done somewhere beyond ICANN. But ICANN can flag that it is something that needs to be done for good citizenship in the Internet ecosystem.

Back to the car analogy, ICANN is designing the roads, access points, the lanes, and the signage, but someone else has to educate domain name owners and complainants about how to properly drive to their destinations.

Sam L.



On 2/20/2017 9:57 AM, Gomes, Chuck wrote:

   Policies recommending education are possible as long as they are within ICANN’s mission and our charter so let’s keep that in mind when we get to Phase 2.  In the meantime, we might consider requirements for education.  There is probably no way to force education on users and registrants but it is probably reasonable to make educational materials easily available and encourage their usage.



   Chuck



   From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Sam Lanfranco
   Sent: Monday, February 20, 2017 9:39 AM
   To: Chris Pelling <chris at netearth.net><mailto:chris at netearth.net>; Michele Neylon <michele at blacknight.com><mailto:michele at blacknight.com>
   Cc: gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org><mailto:gnso-rds-pdp-wg at icann.org>
   Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois



   Chris,

   Your comment yanked my chain. I agree with you 100% when you say “The problem is from the takedown / infringement requests we see, 1, 2 and 3 [due diligence] are not even thought of, so part of this is education.” Good idea. How do we get there from here?

   As an economist I get pulled into very large project proposals that are being clobbered together by well meaning, well educated, people with their own personal PICs (Public Interest Commitments) and who just want to do good. In the “good works” area there are just as many crooks, frauds, and sociopaths as can be found trolling in the DNS system. However, over and over again it takes me less than two hours of due diligence to uncover yet one more “financier” who is a fraud, a crook, or simply trolling for a big  hit, and has the financial resources of a raccoon, information the “good works” people have managed to overlook.

   An effective educational strategy is clearly needed here. That may include a DumbOne’s Guide to DNS Complaints (avoided a trademark there) and maybe even generic semi-standard forms for initiating complaints. To do that, it would be useful to know the data on types of complaints by type of complainant (e.g. how many and what types come from lawyers, from individuals, etc.) as background for better education here.  Access to that "How to" guide should at least be flagged in the domain name registration process, the web hosting process and in queries about complaining.

   Sam L.



   On 2/20/2017 8:32 AM, Chris Pelling wrote:

      I'll weigh in here for a registrar who does not host content that is not owned by him.



      My views and points on this are, for content based issues, in priority order, top being the highest (and first port of call) :



      1.  Registrant if available or any contact that is identifiable on the website in question, if a sub-domain, check the main domain by removing the subdomain and adding www or leaving it off.        (some free hosting sites give subdomains away free, but the main site is always only 1 click away)



      2.  Hosting company, look at the nameservers and this sometimes gives the hosting company name, put the nameserver name into google and more often than not, the hosting company will pop up - contact them alerting them to the fact that there is potentially infringing information on a website that is hosted on servers under their control.  Good hosting companies are very responsive.



      3.  If you cannot work out 2 above, whois the IP address of the website (including any subdomain), this will give you the IP address owner, they will surely know whom that have given / rented / leased the IPs too and this gives you 2 above.  If you from doing this get the registrar and they are not the hosting company, this would lend to it be a forwarding service,



      4.  If they are a "reseller centric/wholesale"  registrar (eNom, Tucows. Realtime, NEO), then WHOIS will often have a "Registration service provided by" or "Reseller" in the whois output, this gives you the registering party who took the order, if not at the very least the registrar.



      The problem is from the takedown / infringement requests we see, 1, 2 and 3 are not even thought of, so part of this is education.



      Kind regards,

      Chris




        _____


           < rest deleted >







--
------------------------------------------------
"It is a disgrace to be rich and honoured
in an unjust state" -Confucius
 邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
------------------------------------------------
Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
email: Lanfran at Yorku.ca<mailto:Lanfran at Yorku.ca>   Skype: slanfranco
blog:  https://samlanfranco.blogspot.com
Phone: +1 613-476-0429 cell: +1 416-816-2852
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170220/3a578f1c/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list