[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]

allison nixon elsakoo at gmail.com
Thu Jun 8 14:52:58 UTC 2017 

>>A lot of the spam we see as registrars is tied to the creation date or
renewal date of a domain name:
>>"Your domain is expiring, transfer now!"
>>"You registered this domain but it has not been listed with search
engines yet!"
etc.

The issue is not because the spammer knows the expiration date. the issue
is because the spammer knows the email and the emails were not properly
filtered. multiple failures occurred along that path, but disclosing the
expiration date of the domain was not one.


>>Any data being published is obvious nonsense. Data published by the data
subjects themselves is also not problematic as long as they are aware of
what they are doing. If I post my private information on my facebook
profile, that is my choice and I clearly know what I am doing. If I give my
hosting provider my address details without reading the registration
agreement that I agree to, that is a totally different story.

The blame for this lies solely on the registrars. don't their websites make
it clear that WHOIS data is public? I'm pretty sure that when they try to
sell WHOIS privacy, they make this very very clear. At this point this is
an effort to protect people who fail to read very clear instructions that
are unlikely to be buried in a EULA.

>>I thought that term means constantly interrupting the other party to
"correct" them without giving them opportunity to finish? I wasn't aware
that this can be done by email.

Interruptions don't work over email. My point is we see registrars
attempting to lecture anti-spam people about spam using facts that are dead
wrong.

>>Just because there are alternative options that does not imply that the
status quo is as it should or needs to be. Privacy officials have
repeatedly told ICANN that the current WHOIS has significant issues and it
is now time to address those issues.

There absolutely are, especially if the registrars are not making it clear
to their customers that WHOIS data is public. This is not a valid reason to
shut down WHOIS.








On Thu, Jun 8, 2017 at 9:43 AM, Volker Greimann <vgreimann at key-systems.net>
wrote:

> Hi Allison,
>
>
> -registrars complain about spam, but they so far haven't named a single
> criminal gang that spams. But they harp over and over about domaintools,
> who do not contribute to spam.
>
> If we thought it would contribute to the discussion, we would name the
> spammers we have seen, although I personally do not know who is behind
> those mails we see. We are not investigators of such issues after all.
>
> -there are also the ridiculous arguments that the creation dates etc in
> whois can possibly be abused, no evidence is provided.
>
> A lot of the spam we see as registrars is tied to the creation date or
> renewal date of a domain name:
> "Your domain is expiring, transfer now!"
> "You registered this domain but it has not been listed with search engines
> yet!"
> etc.
>
> -there are also the "legal" arguments where people are saying making any
> data public is illegal now, but if this is true, can we look forward to a
> total social media shutdown too? No one can reconcile that simple logical
> inconsistency.
>
> Any data being published is obvious nonsense. Data published by the data
> subjects themselves is also not problematic as long as they are aware of
> what they are doing. If I post my private information on my facebook
> profile, that is my choice and I clearly know what I am doing. If I give my
> hosting provider my address details without reading the registration
> agreement that I agree to, that is a totally different story.
>
> -apparently those meetings with the much-adored privacy commisioner did
> not include any voices from those who worked in security.
>
> If the needs of those that work in security means legal requirements have
> to be violated then there is a problem. If they can work within the legal
> requirements then there isn't.
>
> -we also have registrars attempting to "mansplain" spam and abuse to
> people who work IN antispam and antiabuse
>
> I thought that term means constantly interrupting the other party to
> "correct" them without giving them opportunity to finish? I wasn't aware
> that this can be done by email.
>
> -we have people complain about lack of privacy in whois when it's already
> been proven that private people have many options to choose from
>
> Just because there are alternative options that does not imply that the
> status quo is as it should or needs to be. Privacy officials have
> repeatedly told ICANN that the current WHOIS has significant issues and it
> is now time to address those issues.
>
>
> So these logical inconsistencies raise serious questions. Personally, i am
> not so quick to accuse people of criminal motivations. After all, i did
> check the numbers to see if any of the registrars participating here have a
> disproportionate number of abusive customers. Thanks to the existence of
> public whois, i did not observe anything indicating that.
>
> I do not see any inconsistencies. Maybe it depends on the point of view
> and personal experience.
>
>
> Still, the logical inconsistencies raise many questions. Personally, my
> theory is that the registrars dont want to spend money on running whois
> servers. And they are bitter that aggregators make money from it when they
> don't. That type of argument is logically consistent and is something i can
> actually work with.
>
> Whois servers cost next to nothing to maintain. It is the complaints of
> current or former customers why their current/old information is (still)
> out there even though they sold or deleted their domain or changed their
> data that cost time (=money). Having to explain to customers that the
> agreement that they didn't read included a reference to our obligation to
> publish their whois details and pass them on to the registry and escrow
> service costs time. And yes, even if that clause is seperated out and
> seperately agreement is required, most customers simply will not read it.
>
>
> I know youall are here to represent your company's interests, and this is
> a serious fact worth considering. I know that some similar monetization
> schemes already, and if you dont see the opportunity then your registrar is
> probably missing out. The registrars that do this not only make extra
> money, but the data is used to do anti-abuse work for them for free so they
> can keep their customer base clean without hiring anyone extra.
>
> Well, my employment and my company's interests are not all that there is
> to me. I also firmly believe in consumer privacy and the right of each
> individual to the privacy of their own data.
>
> Best,
> Volker
>
>
>
>
>
> On Jun 8, 2017 4:56 AM, "Stephanie Perrin" <stephanie.perrin at mail.
> utoronto.ca> wrote:
>
> Calling me naive, ill informed etc.  does not actually answer the question
> folks.  It is, I am afraid, a valid question.  What criteria does an
> organization like APWG apply, when it admits members and shares data with
> them?  How do you ensure you are not sharing data with organizations who
> are going to misuse it?  that data of course is much more that what we are
> talking about with thin data, but I did actually work on this issue on
> successive versions of the anti-spam legislation.  Oddly enough, government
> lawyers examining the issue (mostly from the competition bureau who deal
> with criminal matters) never labelled me "naive".
>
> Folks, can we please try to be polite to one another on this list?  When I
> have questions like this, I often check with experts before I ask.  They
> don't call me naive, they answer my questions.
>
> Thanks again.
>
> Stephanie
>
> On 2017-06-08 01:54, Neil Schwartzman wrote:
>
> My experience differs slightly. They aren’t ignored. The presence of these
> .TLDs is a strong indicator of abuse which bears further investigation.
>
> To the point at hand: I believe the notion of certifying private
> cybercrime investigators to be painfully naive (do I ignore reports from
> someone without a Internet Investigator License? Do we disallow them access
> to data?), impractical in the developed world, and deeply chauvinistic,
> patronizing and exclusionary to our colleagues in emerging nations where
> capacity building is exactly what’s needed to deal with next-gen abuse.
>
>
> On Jun 8, 2017, at 2:36 AM, allison nixon <elsakoo at gmail.com> wrote:
>
> We're getting there. Entire top level domains are already ignored on many
> networks like .science, .xyz, .pw, .top, .club, et cetera
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUPwww.keydrive.lu
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901>
> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851>
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUPwww.keydrive.lu
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170608/e192dd98/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list