[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

Fri Feb 16 23:35:20 UTC 2018

On 2/16/2018 5:22 PM, Sara Bockey wrote:
> Not only is our decision to mask customer information in Port43 
> completely unrelated to GDPR, but it results directly from attacks 
> by third parties who harvest and sell our customers’ personal 
> information.

I don't know what precipitated this conversation, but I will jump in 
here based on my actual experience.

To say "it results directly from attacks by third parties 
who harvest and sell our customers’ personal information" is a complete lie!

GoDaddy has blocked MANY IP addresses I've attempted to use port 43 
WHOIS on with absolutely no due process!  And I can say with absolute 
certainty that I and my IP addresses were not involved in any form of 
"attack(s) by third parties".

But if I wanted to continue fighting phishing, spammers and other abuses 
without being forced to use GoDaddy's cumbersome web interface (with 
their stupid "I'm not a robot" and "Choose all the pictures that have a 
goldfish in them" games) to process each WHOIS request, I would have to 
give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign 
their "whitelist request" to get myself back to business!!!

> Given the onslaught of spam and robo-calls our customers have been 
> receiving – often within minutes of registering a domain name—we felt 
> that action was required, if not overdue.

I'm not sure I can see how port 43 WHOIS requests can be used to 
determine new domain registrations in the way you imply?  Maybe you can 
share how that works??

> WHOIS information is still very much available for any & all domain 
> names via our web-based WHOIS tool,
>

It may be available, but it's quite cumbersome and a waste of good 
peoples' time!!

> However, bulk access by anonymous users is no longer supported.
>

I didn't know "bulk access by anonymous users" was ever a thing?!? If 
you were intent on blocking "bulk access", why should that have impacted 
port 43 WHOIS requests for single domains???

> I also note that during this entire process, we have kept ICANN 
> informed of both the attacks on our Port43 systems
>

Please provide the evidence of my "attacks" that you've provided to 
ICANN to justify your restricting WHOIS data to any of my IP addresses.

> as well as our efforts to mitigate them. Our actions are justified and 
> to imply otherwise is not only inaccurate but does nothing to move 
> this PDP forward.
>

Your actions were unilateral and (in my opinion) violated your registrar 
agreement(s) with ICANN.  You're allowed to block ABUSIVE behavior, but 
you blocked many many requests with absolutely no evidence of abuse!  
How can you justify that???

Patrick Klos
Phishcop Admin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180216/d5c3b02c/attachment.html>