[gnso-rds-pdp-wg] Facebook loses Belgian court case over consent and tracking
Steve Crocker
steve at shinkuro.com
Tue Feb 20 16:50:28 UTC 2018
I'm puzzled by the reference to name servers and A records. These are
necessarily public else the domain name system won't function. Is there
confusion or misunderstanding about the role of these records?
Steve
On Tue, Feb 20, 2018 at 11:47 AM, allison nixon <elsakoo at gmail.com> wrote:
> 1,000,000% agreed. Registrars cannot eliminate all their risk by masking
> WHOIS into oblivion. The DPAs can still ask why they are exposing A
> records, nameservers, etc, to anyone who asks for them, without valid
> reasons or authentication. Why do they expose zone files, etc. The DPAs can
> ask why customer support can sometimes so easily be social engineered into
> handing over accounts to account takeover scammers.
>
> Since most registrars are also hosting providers/mail providers, would
> criminals storing stolen PII on your servers be a GDPR issue? After all,
> the ultimate owner of the server is also considered a "processor", which
> has interesting implications if one's customers include phishers, or sell
> stolen credit cards, and one's already been notified. I have even seen
> miscreants putting doxes in TXT records.
>
> I already know of quite a few incidents where people would have had
> standing to file a GDPR complaint against registrars/hosters, unrelated to
> WHOIS.
>
> Eventually the issue is going to impact the core business model of
> registrars. This isn't going to stop at WHOIS. An open dialog with the DPAs
> at an early stage is of utmost importance for all parties involved here.
>
>
> On Mon, Feb 19, 2018 at 10:16 AM, Sam Lanfranco <sam at lanfranco.net> wrote:
>
>> Benny,
>>
>> This is why I support multi-venue multi-stakholder dialogue with the
>> DPA's so that they are appraised of the issues on all sides of the data
>> protection issue. They are then more likely to act in a judicious manner,
>> and less like an attack dog. Watch the new movie "*The Post*" where when *Washington
>> Post* owner Katharine Graham decided to publish the Vietnam War Pentagon
>> Papers, with the downside risk that she could be jailed for treason. The
>> court ruled in favor of freedom of the press. It is not what the DPA can
>> do, but what they are likely to do, and dialogue goes a long way to
>> mitigating risk and shaping appropriate positions and behavior (with
>> integrity) on all sides.
>>
>> Sam L.
>>
>> On 2/19/2018 10:02 AM, benny at nordreg.se wrote:
>>
>> <ironi on> Now I am relieved, we as registrars will not be subject for
>> anything… </ironi off>
>>
>> None of us know where and what they will prioritise,* remember that it
>> only take 1 complaint to a DPA to get the snowball moving.* [emphasis
>> added] I am sure your statement have noe value then.
>>
>> --
>> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>>
>> Benny Samuelsen
>> Registry Manager - Domainexpert
>>
>> Nordreg AB - ICANN accredited registrar
>> IANA-ID: 638
>> Phone: +46.42197000 <+46%2042%2019%2070%2000>
>> Direct: +47.32260201 <+47%2032%2026%2002%2001>
>> Mobile: +47.40410200 <+47%20404%2010%20200>
>>
>> On 19 Feb 2018, at 15:29, Sam Lanfranco <sam at lanfranco.net> wrote:
>>
>> Hi Tim,
>>
>> No, completely to the contrary. My point with that dollars reference was
>> that in some cases litigation is the preferred business response, rather
>> than compliance and paying fines. Also, the big revenues in mining big data
>> are outside the DNS sphere, and outside the abuses and "bad things" that
>> websites do to people. The big EU fines are more likely to hit social media
>> than Registrars, although they are risks there as well. The revenues, and
>> privacy violations, will come from profiling users by mining big data for
>> scraps of personal date to individualize target marketing.
>>
>> *As a brief aside:* This goes well beyond the remit of ICANN and is
>> actually worse than just being inundated by adverts base on personal online
>> behavior. Artificial Intelligence mining apps are increasingly customizing
>> the "news" one gets from news feeds, to help "glue the eyeballs" to the
>> adverts, creating a news silo of one. (That is amusing for me since I
>> virtually live in two towns in two countries). Even more worrisome is the
>> growing practice for A.I. companies where A.I. "writes" the news releases,
>> now mainly in sports and finance, for thousands of print and online news
>> outlets. I know all of this is outside the ICANN remit so I will stop
>> there.
>>
>> Sam L.
>>
>> On 2/18/2018 5:43 PM, Chen, Tim wrote:
>>
>> Hi Sam,
>>
>> When you say these are hundred million dollar issues for "the
>> companies",which companies are you talking about? Large Registrars?
>>
>> I hope you are not comparing cybersecurity professionals and the good
>> work they are trying to enable, to a completely separate privacy issue
>> around data used for ad tracking or behavior tracking across websites. If
>> I spent my days trying to protect people on the internet from bad things, I
>> would certainly not appreciate any allusion that I was engaged on the whois
>> data issue 'for the money'.
>>
>> Tim
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>> --
>> ------------------------------------------------
>> "It is a disgrace to be rich and honoured
>> in an unjust state" -Confucius
>> 邦有道,贫且贱焉,耻也。邦无道,富且贵焉,耻也
>> ------------------------------------------------
>> Visiting Prof, Xi'an Jaiotong-Liverpool Univ, Suzhou, China
>> Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
>> Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
>> email: sam at lanfranco.net Skype: slanfranco
>> blog: https://samlanfranco.blogspot.com
>> Phone: +1 613-476-0429 <(613)%20476-0429> cell: +1 416-816-2852 <(416)%20816-2852>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180220/602f9481/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list