[gnso-rds-pdp-wg] Dangers of public whois
Gomes, Chuck
cgomes at verisign.com
Tue Feb 21 01:51:02 UTC 2017
Chris and all,
This email thread seems to have lead us to not only an exchange of differing viewpoints, but a very informative description of the role played by WHOIS data when investigating incidents involving website content.
I think it would be good to capture this detailed description as a use case for future reference during WG deliberation on possible purposes and related contact data.
Chris, would you be willing to pull out your description below and combine it with a use case introduction for posting on this WG's use case list? If you wish, you can start from the template Word document posted on our use case wiki page:
https://community.icann.org/display/NGRDSTRWMO/RDS+PDP+WG+Example+Use+Cases
While this may be related to other cases already posted there, your description goes further in showing how WHOIS data fits into a broader scenario, so I think it would make a useful addition to our use case inventory.
As we move forward in our deliberation on purposes, data, and privacy, examples such as these will be very helpful.
Chuck
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Chris Pelling
Sent: Monday, February 20, 2017 8:33 AM
To: Michele Neylon <michele at blacknight.com>
Cc: gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
I'll weigh in here for a registrar who does not host content that is not owned by him.
My views and points on this are, for content based issues, in priority order, top being the highest (and first port of call) :
1. Registrant if available or any contact that is identifiable on the website in question, if a sub-domain, check the main domain by removing the subdomain and adding www or leaving it off. (some free hosting sites give subdomains away free, but the main site is always only 1 click away)
2. Hosting company, look at the nameservers and this sometimes gives the hosting company name, put the nameserver name into google and more often than not, the hosting company will pop up - contact them alerting them to the fact that there is potentially infringing information on a website that is hosted on servers under their control. Good hosting companies are very responsive.
3. If you cannot work out 2 above, whois the IP address of the website (including any subdomain), this will give you the IP address owner, they will surely know whom that have given / rented / leased the IPs too and this gives you 2 above. If you from doing this get the registrar and they are not the hosting company, this would lend to it be a forwarding service,
4. If they are a "reseller centric/wholesale" registrar (eNom, Tucows. Realtime, NEO), then WHOIS will often have a "Registration service provided by" or "Reseller" in the whois output, this gives you the registering party who took the order, if not at the very least the registrar.
The problem is from the takedown / infringement requests we see, 1, 2 and 3 are not even thought of, so part of this is education.
Kind regards,
Chris
_____
From: "Michele Neylon" <michele at blacknight.com<mailto:michele at blacknight.com>>
To: "Volker Greimann" <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>>, "gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Sent: Monday, 20 February, 2017 11:24:53
Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
Volker
>From our perspective the frustration is when the client (registrant) has their details in whois and / or on the website and the complainant makes zero attempt to contact them. The first we hear about the alleged issues is when I get a 100 page takedown notice on my desk.
So if they can at least attempt to contact the website operator then it makes our lives a lot easier.
As the hosting provider we *should* have details of how to reach the site owner, but not always, as we also offer dedicated servers, colo etc., but we'll know who the IPs are assigned to
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
On 20/02/2017, 11:21, "Volker Greimann" <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:
Agreed. The question is who is next if the details are not available. If
it is content, the next port of call should be the host as the host has
the ability to remove said content and also bears certain legal
obligations in case of obvious violations while the registrar does not.
As the registrar may not even know the actual registrant, for example
for registrations under third party privacy services, it does not even
make sense to contact the registrar.
Best,
Volker
Am 20.02.2017 um 12:08 schrieb Michele Neylon - Blacknight:
> Volker
>
> The key thing is the sequence.
> If the contact's details are available either via whois OR on the website then they're the first port of call.
>
> Regards
>
> Michele
>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting, Colocation & Domains
> https://www.blacknight.com/
> http://blacknight.blog/
> Intl. +353 (0) 59 9183072
> Direct Dial: +353 (0)59 9183090
> Personal blog: https://michele.blog/
> Some thoughts: https://ceo.hosting/
> -------------------------------
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
> On 20/02/2017, 10:46, "Volker Greimann" <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:
>
> Well, the registrant may not be the right contact in all cases,
> especially if it comes down to subdomains. But yes, if the registrant is
> known, then he should probably be contacted right after a known website
> operator. But if the registrant is unknown, the next contact should be
> the host as he is closer to the alleged violation than the registrar.
>
> Best,
>
> Volker
>
>
>
>
> Am 20.02.2017 um 11:28 schrieb Michele Neylon - Blacknight:
> > Volker
> >
> > Really?
> > As a hosting provider I'd strongly disagree.
> >
> > If you've got a problem with content on a website you should contact the registrant first.
> >
> > Regards
> >
> > Michele
> >
> >
> > --
> > Mr Michele Neylon
> > Blacknight Solutions
> > Hosting, Colocation & Domains
> > https://www.blacknight.com/
> > http://blacknight.blog/
> > Intl. +353 (0) 59 9183072
> > Direct Dial: +353 (0)59 9183090
> > Personal blog: https://michele.blog/
> > Some thoughts: https://ceo.hosting/
> > -------------------------------
> > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
> >
> > On 20/02/2017, 09:54, "gnso-rds-pdp-wg-bounces at icann.org on behalf of Volker Greimann<mailto:gnso-rds-pdp-wg-bounces at icann.org%20on%20behalf%20of%20Volker%20Greimann>" <gnso-rds-pdp-wg-bounces at icann.org on behalf of vgreimann at key-systems.net<mailto:gnso-rds-pdp-wg-bounces at icann.org%20on%20behalf%20of%20vgreimann at key-systems.net>> wrote:
> >
> > When you say web site, it should be taken up with the web host not the
> > registrar as the registrant is not necessarily the correct content.
> >
> > Problems with domain -> registrant
> >
> > Problems with content -> Web host
> >
> > Best,
> >
> > Volker
> >
> >
> > Am 17.02.2017 um 20:49 schrieb Mark Svancarek via gnso-rds-pdp-wg:
> > > Counter example
> > > "Joe" has a web site which is used to abuse my trademark. I can't contact Joe because his thin data is incorrect or hidden (I don't know that Joe is actually Joe.). I then contact the registrar. They follow up with the privacy proxy service if needed. Hopefully all this happens quickly and the cease and desist message is actually delivered.
> > >
> > > In actual practice, there is a noteworthy difference in effectiveness if we have to go through the registrar, compared to us contacting directly. If the registrar isn't responsive, then I may have to pressure ICANN to enforce the registrar contract, which has its own issues.
> > >
> > > In either case, your abuse of my trademark is probably a civil issue, so starting with law enforcement isn't a great option, even if they had the inclination and bandwidth to help out in a timely fashion.
> > >
> > > -----Original Message-----
> > > From: benny at nordreg.se<mailto:benny at nordreg.se> [mailto:benny at nordreg.se]
> > > Sent: Friday, February 17, 2017 9:41 AM
> > > To: Mark Svancarek <marksv at microsoft.com<mailto:marksv at microsoft.com>>
> > > Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
> > > Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
> > >
> > > Let us take a simple example
> > >
> > > A phone number can you as the one it's registered on choose by yourself if it shall be published in the phone book, if you give the number to someone it's your choice as an individual! If the police want your number they will get without to much effort.
> > >
> > > So why on earth are we forcing registrants to give up this right to choose to whom they share that info?
> > >
> > > Forget what Whois are as we know it and come up with ideas how we can make a new system which takes reasonable interest of all sides here.
> > >
> > > The Status Quo hammering are not productive at all.
> > >
> > > RDS are meant to make change to the better!
> > >
> > >
> > > Sent from my iPhone
> > >
> > >> On 17 Feb 2017, at 18:28, Mark Svancarek <marksv at microsoft.com<mailto:marksv at microsoft.com>> wrote:
> > >>
> > >> Spam and DDOS will always be with us, and the need to mitigate them does not eliminate the need to have public data. It seems orthogonal to me.
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>
> > >> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of
> > >> benny at nordreg.se<mailto:benny at nordreg.se>
> > >> Sent: Friday, February 17, 2017 8:25 AM
> > >> To: RDS PDP WG <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
> > >> Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
> > >>
> > >> Another post about the problems with public whois
> > >>
> > >> How anyone here can still defend this abuse of info as a the best system I have serious problems understanding.
> > >>
> > >> http://domainnamewire.com/2017/02/16/control-block-sms-spam-robocallin
> > >> g-based-whois-info/
> > >>
> > >>
> > >> --
> > >> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
> > >>
> > >> Benny Samuelsen
> > >> Registry Manager - Domainexpert
> > >>
> > >> Nordreg AB - ICANN accredited registrar
> > >> IANA-ID: 638
> > >> Phone: +46.42197080
> > >> Direct: +47.32260201
> > >> Mobile: +47.40410200
> > >>
> > >>> On 17 Feb 2017, at 14:55, Michele Neylon - Blacknight <michele at blacknight.com<mailto:michele at blacknight.com>> wrote:
> > >>>
> > >>> Allison
> > >>>
> > >>> As others have said, if you have an issue please report it to ICANN,
> > >>> law enforcement, consumer protection etc., Some of us take our obligations very seriously and lumping all registrars and providers into one big bucket isn't very helpful for constructive dialogue.
> > >>> We get a number of whois complaints from ICANN every year and we investigate each and every one of them. In some cases it's very obvious that the details provided are bogus, but in others it's not and we have to spend time energy and effort going back and forth with our client and ICANN to resolve it. Sometimes this leads to domains being suspended or deleted, sometimes the whois gets updated, sometimes the complaint is denied. But each complaint is handled on its merits.
> > >>>
> > >>> We also have a whois privacy service. It is NOT a fake address. You can check it in the Irish company office:
> > >>> https://search.cro.ie/company/CompanyDetails.aspx?id=480317&type=C
> > >>>
> > >>> Now you may not like that people and organisations choose to obfuscate their contact details via services like that one, but that's a different issue entirely. I also personally have correspondence addresses in the US, mainland UK and a couple in Northern Ireland. I don't live at any of them, but you can send me physical mail and I will get it. You could argue that the address is "fake", but as I can get mail to it I'd suspect that in many cases it'd be considered valid.
> > >>>
> > >>> Regards
> > >>>
> > >>> Michele
> > >>>
> > >>> --
> > >>> Mr Michele Neylon
> > >>> Blacknight Solutions
> > >>> Hosting, Colocation & Domains
> > >>> https://www.blacknight.com/
> > >>> http://blacknight.blog/
> > >>> Intl. +353 (0) 59 9183072
> > >>> Direct Dial: +353 (0)59 9183090
> > >>> Personal blog: https://michele.blog/
> > >>> Some thoughts: https://ceo.hosting/
> > >>> -------------------------------
> > >>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> > >>> Park,Sleaty
> > >>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
> > >>> _______________________________________________
> > >>> gnso-rds-pdp-wg mailing list
> > >>> gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
> > >>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> > >> _______________________________________________
> > >> gnso-rds-pdp-wg mailing list
> > >> gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
> > >> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> > > _______________________________________________
> > > gnso-rds-pdp-wg mailing list
> > > gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
> > > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> > --
> > Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> >
> > Mit freundlichen Grüßen,
> >
> > Volker A. Greimann
> > - Rechtsabteilung -
> >
> > Key-Systems GmbH
> > Im Oberen Werk 1
> > 66386 St. Ingbert
> > Tel.: +49 (0) 6894 - 9396 901
> > Fax.: +49 (0) 6894 - 9396 851
> > Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
> >
> > Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
> > www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>
> >
> > Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> > www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
> > www.twitter.com/key_systems<http://www.twitter.com/key_systems>
> >
> > Geschäftsführer: Alexander Siffrin
> > Handelsregister Nr.: HR B 18835 - Saarbruecken
> > Umsatzsteuer ID.: DE211006534
> >
> > Member of the KEYDRIVE GROUP
> > www.keydrive.lu<http://www.keydrive.lu>
> >
> > Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
> >
> > --------------------------------------------
> >
> > Should you have any further questions, please do not hesitate to contact us.
> >
> > Best regards,
> >
> > Volker A. Greimann
> > - legal department -
> >
> > Key-Systems GmbH
> > Im Oberen Werk 1
> > 66386 St. Ingbert
> > Tel.: +49 (0) 6894 - 9396 901
> > Fax.: +49 (0) 6894 - 9396 851
> > Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
> >
> > Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
> > www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>
> >
> > Follow us on Twitter or join our fan community on Facebook and stay updated:
> > www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
> > www.twitter.com/key_systems<http://www.twitter.com/key_systems>
> >
> > CEO: Alexander Siffrin
> > Registration No.: HR B 18835 - Saarbruecken
> > V.A.T. ID.: DE211006534
> >
> > Member of the KEYDRIVE GROUP
> > www.keydrive.lu<http://www.keydrive.lu>
> >
> > This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
> >
> >
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> >
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
>
> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems<http://www.twitter.com/key_systems>
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu<http://www.keydrive.lu>
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
>
> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems<http://www.twitter.com/key_systems>
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu<http://www.keydrive.lu>
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
>
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
www.twitter.com/key_systems<http://www.twitter.com/key_systems>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu<http://www.keydrive.lu>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
www.twitter.com/key_systems<http://www.twitter.com/key_systems>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu<http://www.keydrive.lu>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170221/abb8b38f/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list