[gnso-rds-pdp-wg] On unauthenticated vs gated access (was Re: Reputation systems are not just nice to have)

allison nixon elsakoo at gmail.com
Wed Oct 4 14:57:02 UTC 2017


>> The problem that nobody has any idea who is collecting this data, and
that some of it is personal data.

But without verification of identity, the data is still no good. If this is
something that is really needed, those operating whois servers can expose
their access logs and some analysis can be done on the ip addresses making
the queries and what they are querying for. Maybe that should be done
before an entire system of questionable value is built.

>> But then, of course, we can have meaningful discussions about what kinds
of clients are querying and at what volumes.  One thing I'm finding pretty
frustrating about all this discussion is that we're having most of it in
the complete absence of any data.

I think everyone is in agreement that some percentage of whois queries are
abusive and only for the purpose of sending spam, and the vast majority of
all queries are going to be aggregators. So i dont know what specific
questions need to be answered that arent already.



>> The legal memo we received made me believe that some sort of accounting
of who gets the data under what conditions would be a necessary but not
sufficient condition for publication of certain kinds of data.

I really doubt the gdpr is a blanket ban on all public publishing of all
data. Unless the "gate" positively identifies all queriers without
possibility of falsification of data in their own, thats going to be worse
than a "this is publicly released, cope with it or dont disclose" type of
notification to end users.


>> I believe the history of "we need more user education" to solve problems
on the Internet suggests that it is not a great plan.

Purchasing ICANN gtld domains is a rather specific, nonessential, and
advanced usage of the internet that most people will not do. If they aren't
capable of comprehending basic privacy concepts, maybe we should seriously
talk about discouraging them from buying domains.


On Oct 3, 2017 8:14 PM, "Andrew Sullivan" <ajs at anvilwalrusden.com> wrote:

> On Tue, Oct 03, 2017 at 07:53:55PM -0400, allison nixon wrote:
> > What problem would this be intended to solve?
>
> The problem that nobody has any idea who is collecting this data, and
> that some of it is personal data.
>
> > Researchers wont be caught out by it because by and large we use
> > aggregators, and the whois audit logs will summarily be full of "i am
> whois
> > aggregator X and my purpose is to aggregate whois" and they will have the
> > full support of the community, as they fulfill critical parts of the anti
> > abuse purpose.
>
> But then, of course, we can have meaningful discussions about what
> kinds of clients are querying and at what volumes.  One thing I'm
> finding pretty frustrating about all this discussion is that we're
> having most of it in the complete absence of any data.
>
> The legal memo we received made me believe that some sort of
> accounting of who gets the data under what conditions would be a
> necessary but not sufficient condition for publication of certain
> kinds of data.
>
> > This is part of the personal responsibility they need to take when they
> > venture out into the internet, which they should learn sooner rather than
> > later that it will not guarantee their safety.
>
> I believe the history of "we need more user education" to solve
> problems on the Internet suggests that it is not a great plan.
>
> A
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171004/86d8b569/attachment.html>


More information about the gnso-rds-pdp-wg mailing list