[gnso-rds-pdp-wg] Who is in charge? (was Re: Why the thin data is necessary)]
Volker Greimann
vgreimann at key-systems.net
Thu Jun 8 14:55:10 UTC 2017
I see, interesting!
Am 08.06.2017 um 16:52 schrieb allison nixon:
> >>A lot of the spam we see as registrars is tied to the creation date
> or renewal date of a domain name:
> >>"Your domain is expiring, transfer now!"
> >>"You registered this domain but it has not been listed with search engines yet!"
> etc.
>
> The issue is not because the spammer knows the expiration date. the
> issue is because the spammer knows the email and the emails were not
> properly filtered. multiple failures occurred along that path, but
> disclosing the expiration date of the domain was not one.
>
>
> >>Any data being published is obvious nonsense. Data published by the
> data subjects themselves is also not problematic as long as they are
> aware of what they are doing. If I post my private information on my
> facebook profile, that is my choice and I clearly know what I am
> doing. If I give my hosting provider my address details without
> reading the registration agreement that I agree to, that is a totally
> different story.
>
> The blame for this lies solely on the registrars. don't their websites
> make it clear that WHOIS data is public? I'm pretty sure that when
> they try to sell WHOIS privacy, they make this very very clear. At
> this point this is an effort to protect people who fail to read very
> clear instructions that are unlikely to be buried in a EULA.
>
> >>I thought that term means constantly interrupting the other party to
> "correct" them without giving them opportunity to finish? I wasn't
> aware that this can be done by email.
>
> Interruptions don't work over email. My point is we see registrars
> attempting to lecture anti-spam people about spam using facts that are
> dead wrong.
>
> >>Just because there are alternative options that does not imply that
> the status quo is as it should or needs to be. Privacy officials have
> repeatedly told ICANN that the current WHOIS has significant issues
> and it is now time to address those issues.
>
> There absolutely are, especially if the registrars are not making it
> clear to their customers that WHOIS data is public. This is not a
> valid reason to shut down WHOIS.
>
>
>
>
>
>
>
>
> On Thu, Jun 8, 2017 at 9:43 AM, Volker Greimann
> <vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>> wrote:
>
> Hi Allison,
>>
>> -registrars complain about spam, but they so far haven't named a
>> single criminal gang that spams. But they harp over and over
>> about domaintools, who do not contribute to spam.
> If we thought it would contribute to the discussion, we would name
> the spammers we have seen, although I personally do not know who
> is behind those mails we see. We are not investigators of such
> issues after all.
>
>> -there are also the ridiculous arguments that the creation dates
>> etc in whois can possibly be abused, no evidence is provided.
> A lot of the spam we see as registrars is tied to the creation
> date or renewal date of a domain name:
> "Your domain is expiring, transfer now!"
> "You registered this domain but it has not been listed with search
> engines yet!"
> etc.
>
>> -there are also the "legal" arguments where people are saying
>> making any data public is illegal now, but if this is true, can
>> we look forward to a total social media shutdown too? No one can
>> reconcile that simple logical inconsistency.
> Any data being published is obvious nonsense. Data published by
> the data subjects themselves is also not problematic as long as
> they are aware of what they are doing. If I post my private
> information on my facebook profile, that is my choice and I
> clearly know what I am doing. If I give my hosting provider my
> address details without reading the registration agreement that I
> agree to, that is a totally different story.
>
>> -apparently those meetings with the much-adored privacy
>> commisioner did not include any voices from those who worked in
>> security.
> If the needs of those that work in security means legal
> requirements have to be violated then there is a problem. If they
> can work within the legal requirements then there isn't.
>
>> -we also have registrars attempting to "mansplain" spam and abuse
>> to people who work IN antispam and antiabuse
> I thought that term means constantly interrupting the other party
> to "correct" them without giving them opportunity to finish? I
> wasn't aware that this can be done by email.
>> -we have people complain about lack of privacy in whois when it's
>> already been proven that private people have many options to
>> choose from
> Just because there are alternative options that does not imply
> that the status quo is as it should or needs to be. Privacy
> officials have repeatedly told ICANN that the current WHOIS has
> significant issues and it is now time to address those issues.
>>
>> So these logical inconsistencies raise serious questions.
>> Personally, i am not so quick to accuse people of criminal
>> motivations. After all, i did check the numbers to see if any of
>> the registrars participating here have a disproportionate number
>> of abusive customers. Thanks to the existence of public whois, i
>> did not observe anything indicating that.
> I do not see any inconsistencies. Maybe it depends on the point of
> view and personal experience.
>>
>> Still, the logical inconsistencies raise many questions.
>> Personally, my theory is that the registrars dont want to spend
>> money on running whois servers. And they are bitter that
>> aggregators make money from it when they don't. That type of
>> argument is logically consistent and is something i can actually
>> work with.
> Whois servers cost next to nothing to maintain. It is the
> complaints of current or former customers why their current/old
> information is (still) out there even though they sold or deleted
> their domain or changed their data that cost time (=money). Having
> to explain to customers that the agreement that they didn't read
> included a reference to our obligation to publish their whois
> details and pass them on to the registry and escrow service costs
> time. And yes, even if that clause is seperated out and seperately
> agreement is required, most customers simply will not read it.
>>
>> I know youall are here to represent your company's interests, and
>> this is a serious fact worth considering. I know that some
>> similar monetization schemes already, and if you dont see the
>> opportunity then your registrar is probably missing out. The
>> registrars that do this not only make extra money, but the data
>> is used to do anti-abuse work for them for free so they can keep
>> their customer base clean without hiring anyone extra.
> Well, my employment and my company's interests are not all that
> there is to me. I also firmly believe in consumer privacy and the
> right of each individual to the privacy of their own data.
>
> Best,
> Volker
>
>>
>>
>>
>>
>> On Jun 8, 2017 4:56 AM, "Stephanie Perrin"
>> <stephanie.perrin at mail.utoronto.ca
>> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>>
>> Calling me naive, ill informed etc. does not actually answer
>> the question folks. It is, I am afraid, a valid question.
>> What criteria does an organization like APWG apply, when it
>> admits members and shares data with them? How do you ensure
>> you are not sharing data with organizations who are going to
>> misuse it? that data of course is much more that what we are
>> talking about with thin data, but I did actually work on this
>> issue on successive versions of the anti-spam legislation.
>> Oddly enough, government lawyers examining the issue (mostly
>> from the competition bureau who deal with criminal matters)
>> never labelled me "naive".
>>
>> Folks, can we please try to be polite to one another on this
>> list? When I have questions like this, I often check with
>> experts before I ask. They don't call me naive, they answer
>> my questions.
>>
>> Thanks again.
>>
>> Stephanie
>>
>>
>> On 2017-06-08 01:54, Neil Schwartzman wrote:
>>> My experience differs slightly. They aren’t ignored. The
>>> presence of these .TLDs is a strong indicator of abuse which
>>> bears further investigation.
>>>
>>> To the point at hand: I believe the notion of certifying
>>> private cybercrime investigators to be painfully naive (do I
>>> ignore reports from someone without a Internet Investigator
>>> License? Do we disallow them access to data?), impractical
>>> in the developed world, and deeply chauvinistic, patronizing
>>> and exclusionary to our colleagues in emerging nations where
>>> capacity building is exactly what’s needed to deal with
>>> next-gen abuse.
>>>
>>>
>>>> On Jun 8, 2017, at 2:36 AM, allison nixon
>>>> <elsakoo at gmail.com <mailto:elsakoo at gmail.com>> wrote:
>>>>
>>>> We're getting there. Entire top level domains are already
>>>> ignored on many networks like .science, .xyz, .pw, .top,
>>>> .club, et cetera
>>>
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.:+49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
> Fax.:+49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.:+49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
> Fax.:+49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
> www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>
> www.twitter.com/key_systems <http://www.twitter.com/key_systems>
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUP
> www.keydrive.lu <http://www.keydrive.lu>
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170608/13ca6b50/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list