
[Cambridge Analytica], [Facebook], and Data Security.

Posts

  • HamHamJ Registered User regular
    khain wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    As my understanding goes the information in WHOIS is used for a ton of shit, the data holders not being the only ones that use the data as the data is public data. Different sysadmins use WHOIS differently in their solutions.

    WHOIS is a tool a bunch of people use a bunch of ways.

    Essentially the letter is asking them to enumerate every possible way the data could be used, but ICANN doesn't know that answer, because they aren't the only folks consuming the data. The letter asks them to define a bunch of stuff they can't define.

    Like I can do a whois lookup, from my phone, just to figure out who owns a web host, and there's no telling what I'm doing with it in a technical or business aspect after that.

    They are trying to enumerate the schools of usage to give the entire tech industry a little leeway rather than having to... enumerate, specifically, every way, every single sys admin and business entity uses WHOIS data.
    If ICANN requires information to get a domain, they need to have an actual reason, not just "someone, somewhere is doing something with it."
    So yes, they have to enumerate what they are doing with it.
    Essential contact information, sure, that's fine to have mandatory. Someone's personal email, less so. Someone's address, very much less so.

    EDIT:
    Also, if someone is doing WHOIS lookups of essential contact information for non-legitimate purposes, such as building a mailing list, that's not ICANN's problem, as long as there's a good reason to allow unrestricted lookups of the essential contact information, and they get an "agreement" that it's used for that reason.
    Want to contact the owner of a domain for technical reasons, or to resolve any issues caused by their ownership of that domain? Use WHOIS.

    Okay then, what's the problem? I'm not parsing what the actual problem is if this isn't a problem.

    ICANN still need to define what is a legitimate use.

    Okay but they did. The Working Party just doesn't like that they're not specific enough about it.

    Which, again, sounds needlessly picky and like bureaucratic nonsense.

    Emphasis mine:
    The letter wrote:
    Article 5(1)b GDPR provides inter alia that personal data shall be “collected for specified,
    explicit and legitimate purposes”. In its Opinion on purpose limitation, the WP29 has clarified
    that purposes specified by the controller must be detailed enough to determine what kind of
    processing is and is not included within the specified purpose, and to allow that compliance
    with the law can be assessed and data protection safeguards applied. Not all of the purposes
    enumerated in the Final Interim Model satisfy these requirements. Providing “legitimate
    access” to “accurate, reliable and uniform registration data”, for example, does not amount to
    a specified purpose within the meaning of article 5(1)b GDPR, as it does not allow to
    determine what kind of processing is or is not included, nor does it enable a subsequent
    assessment of compliance or compatibility in case access is provided.

    And then in the next paragraph:
    The WP29 stresses the importance of explicitly defining legitimate purposes in a way which
    comports with the requirements of the GDPR. It therefore urges ICANN to revisit its current
    definition of “purposes” in light of these requirements. Moreover, it notes that the purposes
    must be defined in a comprehensive and exhaustive manner. Use of the word “include”
    suggests that not all purposes are made explicit, which would also be incompatible with article 5(1)b GDPR.

    Note that they're picking at the fact that ICANN wants to provide access to this data, therefore ICANN has to more closely define not just the reasons they want the data, but why anyone else would want the data from ICANN. Which is a task that ICANN, rightfully, says is impossible.

    I'm probably ignorant to some big WHOIS scam, but from my standpoint I've always recommended that customers either hide their info or use shell contact info, so I really struggle to understand why the WP doesn't just exclude WHOIS from GDPR requirements. Or why they aren't making meaningful suggestions, rather than just criticisms. WHOIS is really fucking important to keep running, so maybe if the list of reasons needs to be exhaustive let's sit down and start writing.

    If you recommend that people hide their info then how is WHOIS required to keep the internet running? Either the data is required, and ICANN should elaborate on that, or it's not and the default should be to not store and give personal information to anyone that asks. Maybe I'm missing a use case, but I don't see how a name, phone, and address is useful or required to own a domain.

    It seems obvious that a public domain needs to have a publicly registered owner for all kinds of reasons. Like if it is sending DDOS attacks all over the place or it is hosting child porn.

    If GoDaddy or whatever is the contact info and acts as a cut out they can still contact you if necessary or otherwise handle the issue.

    While racing light mechs, your Urbanmech comes in second place, but only because it ran out of ammo.
  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    The purpose is to be able to contact the owner of the domain

  • Thawmus +Jackface Registered User regular
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    As my understanding goes the information in WHOIS is used for a ton of shit, the data holders not being the only ones that use the data as the data is public data. Different sysadmins use WHOIS differently in their solutions.

    WHOIS is a tool a bunch of people use a bunch of ways.

    Essentially the letter is asking them to enumerate every possible way the data could be used, but ICANN doesn't know that answer, because they aren't the only folks consuming the data. The letter asks them to define a bunch of stuff they can't define.

    Like I can do a whois lookup, from my phone, just to figure out who owns a web host, and there's no telling what I'm doing with it in a technical or business aspect after that.

    They are trying to enumerate the schools of usage to give the entire tech industry a little leeway rather than having to... enumerate, specifically, every way, every single sys admin and business entity uses WHOIS data.
    If ICANN requires information to get a domain, they need to have an actual reason, not just "someone, somewhere is doing something with it."
    So yes, they have to enumerate what they are doing with it.
    Essential contact information, sure, that's fine to have mandatory. Someone's personal email, less so. Someone's address, very much less so.

    EDIT:
    Also, if someone is doing WHOIS lookups of essential contact information for non-legitimate purposes, such as building a mailing list, that's not ICANN's problem, as long as there's a good reason to allow unrestricted lookups of the essential contact information, and they get an "agreement" that it's used for that reason.
    Want to contact the owner of a domain for technical reasons, or to resolve any issues caused by their ownership of that domain? Use WHOIS.

    Okay then, what's the problem? I'm not parsing what the actual problem is if this isn't a problem.

    ICANN still need to define what is a legitimate use.

    Okay but they did. The Working Party just doesn't like that they're not specific enough about it.

    Which, again, sounds needlessly picky and like bureaucratic nonsense.

    Emphasis mine:
    The letter wrote:
    Article 5(1)b GDPR provides inter alia that personal data shall be “collected for specified,
    explicit and legitimate purposes”. In its Opinion on purpose limitation, the WP29 has clarified
    that purposes specified by the controller must be detailed enough to determine what kind of
    processing is and is not included within the specified purpose, and to allow that compliance
    with the law can be assessed and data protection safeguards applied. Not all of the purposes
    enumerated in the Final Interim Model satisfy these requirements. Providing “legitimate
    access” to “accurate, reliable and uniform registration data”, for example, does not amount to
    a specified purpose within the meaning of article 5(1)b GDPR, as it does not allow to
    determine what kind of processing is or is not included, nor does it enable a subsequent
    assessment of compliance or compatibility in case access is provided.

    And then in the next paragraph:
    The WP29 stresses the importance of explicitly defining legitimate purposes in a way which
    comports with the requirements of the GDPR. It therefore urges ICANN to revisit its current
    definition of “purposes” in light of these requirements. Moreover, it notes that the purposes
    must be defined in a comprehensive and exhaustive manner. Use of the word “include”
    suggests that not all purposes are made explicit, which would also be incompatible with article 5(1)b GDPR.

    Note that they're picking at the fact that ICANN wants to provide access to this data, therefore ICANN has to more closely define not just the reasons they want the data, but why anyone else would want the data from ICANN. Which is a task that ICANN, rightfully, says is impossible.

    I'm probably ignorant to some big WHOIS scam, but from my standpoint I've always recommended that customers either hide their info or use shell contact info, so I really struggle to understand why the WP doesn't just exclude WHOIS from GDPR requirements. Or why they aren't making meaningful suggestions, rather than just criticisms. WHOIS is really fucking important to keep running, so maybe if the list of reasons needs to be exhaustive let's sit down and start writing.
    The working group is making useful suggestions.

    Also, it's ICANN's job to list the reasons. People have a right to know in which circumstances their private information will be shared, and how access will be protected.

    For example, Equifax might not have been able to give an exhaustive list of why everyone who had access to the data Equifax collected, but that's not a good thing.

    Also, there's one and only one legitimate use of WHOIS (personal) data. Other uses should not be accommodated, including by collecting data that is not absolutely essential for that legitimate use, and if someone is found to use WHOIS for illegitimate uses, then reasonable steps should be taken to limit their access.

    Really? I use it for several so I'm interested what your one true use is.

    Twitch: Thawmus83
  • mrondeau Montréal, Canada Registered User regular
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    As my understanding goes the information in WHOIS is used for a ton of shit, the data holders not being the only ones that use the data as the data is public data. Different sysadmins use WHOIS differently in their solutions.

    WHOIS is a tool a bunch of people use a bunch of ways.

    Essentially the letter is asking them to enumerate every possible way the data could be used, but ICANN doesn't know that answer, because they aren't the only folks consuming the data. The letter asks them to define a bunch of stuff they can't define.

    Like I can do a whois lookup, from my phone, just to figure out who owns a web host, and there's no telling what I'm doing with it in a technical or business aspect after that.

    They are trying to enumerate the schools of usage to give the entire tech industry a little leeway rather than having to... enumerate, specifically, every way, every single sys admin and business entity uses WHOIS data.
    If ICANN requires information to get a domain, they need to have an actual reason, not just "someone, somewhere is doing something with it."
    So yes, they have to enumerate what they are doing with it.
    Essential contact information, sure, that's fine to have mandatory. Someone's personal email, less so. Someone's address, very much less so.

    EDIT:
    Also, if someone is doing WHOIS lookups of essential contact information for non-legitimate purposes, such as building a mailing list, that's not ICANN's problem, as long as there's a good reason to allow unrestricted lookups of the essential contact information, and they get an "agreement" that it's used for that reason.
    Want to contact the owner of a domain for technical reasons, or to resolve any issues caused by their ownership of that domain? Use WHOIS.

    Okay then, what's the problem? I'm not parsing what the actual problem is if this isn't a problem.

    ICANN still need to define what is a legitimate use.

    Okay but they did. The Working Party just doesn't like that they're not specific enough about it.

    Which, again, sounds needlessly picky and like bureaucratic nonsense.

    Emphasis mine:
    The letter wrote:
    Article 5(1)b GDPR provides inter alia that personal data shall be “collected for specified,
    explicit and legitimate purposes”. In its Opinion on purpose limitation, the WP29 has clarified
    that purposes specified by the controller must be detailed enough to determine what kind of
    processing is and is not included within the specified purpose, and to allow that compliance
    with the law can be assessed and data protection safeguards applied. Not all of the purposes
    enumerated in the Final Interim Model satisfy these requirements. Providing “legitimate
    access” to “accurate, reliable and uniform registration data”, for example, does not amount to
    a specified purpose within the meaning of article 5(1)b GDPR, as it does not allow to
    determine what kind of processing is or is not included, nor does it enable a subsequent
    assessment of compliance or compatibility in case access is provided.

    And then in the next paragraph:
    The WP29 stresses the importance of explicitly defining legitimate purposes in a way which
    comports with the requirements of the GDPR. It therefore urges ICANN to revisit its current
    definition of “purposes” in light of these requirements. Moreover, it notes that the purposes
    must be defined in a comprehensive and exhaustive manner. Use of the word “include”
    suggests that not all purposes are made explicit, which would also be incompatible with article 5(1)b GDPR.

    Note that they're picking at the fact that ICANN wants to provide access to this data, therefore ICANN has to more closely define not just the reasons they want the data, but why anyone else would want the data from ICANN. Which is a task that ICANN, rightfully, says is impossible.

    I'm probably ignorant to some big WHOIS scam, but from my standpoint I've always recommended that customers either hide their info or use shell contact info, so I really struggle to understand why the WP doesn't just exclude WHOIS from GDPR requirements. Or why they aren't making meaningful suggestions, rather than just criticisms. WHOIS is really fucking important to keep running, so maybe if the list of reasons needs to be exhaustive let's sit down and start writing.
    The working group is making useful suggestions.

    Also, it's ICANN's job to list the reasons. People have a right to know in which circumstances their private information will be shared, and how access will be protected.

    For example, Equifax might not have been able to give an exhaustive list of why everyone who had access to the data Equifax collected, but that's not a good thing.

    Also, there's one and only one legitimate use of WHOIS (personal) data. Other uses should not be accommodated, including by collecting data that is not absolutely essential for that legitimate use, and if someone is found to use WHOIS for illegitimate uses, then reasonable steps should be taken to limit their access.

    Really? I use it for several so I'm interested what your one true use is.

    Contact someone responsible for the domain to solve technical issues and for law enforcement. For example, DDOS originating from there.

  • Thawmus +Jackface Registered User regular
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    As my understanding goes the information in WHOIS is used for a ton of shit, the data holders not being the only ones that use the data as the data is public data. Different sysadmins use WHOIS differently in their solutions.

    WHOIS is a tool a bunch of people use a bunch of ways.

    Essentially the letter is asking them to enumerate every possible way the data could be used, but ICANN doesn't know that answer, because they aren't the only folks consuming the data. The letter asks them to define a bunch of stuff they can't define.

    Like I can do a whois lookup, from my phone, just to figure out who owns a web host, and there's no telling what I'm doing with it in a technical or business aspect after that.

    They are trying to enumerate the schools of usage to give the entire tech industry a little leeway rather than having to... enumerate, specifically, every way, every single sys admin and business entity uses WHOIS data.
    If ICANN requires information to get a domain, they need to have an actual reason, not just "someone, somewhere is doing something with it."
    So yes, they have to enumerate what they are doing with it.
    Essential contact information, sure, that's fine to have mandatory. Someone's personal email, less so. Someone's address, very much less so.

    EDIT:
    Also, if someone is doing WHOIS lookups of essential contact information for non-legitimate purposes, such as building a mailing list, that's not ICANN's problem, as long as there's a good reason to allow unrestricted lookups of the essential contact information, and they get an "agreement" that it's used for that reason.
    Want to contact the owner of a domain for technical reasons, or to resolve any issues caused by their ownership of that domain? Use WHOIS.

    Okay then, what's the problem? I'm not parsing what the actual problem is if this isn't a problem.

    ICANN still need to define what is a legitimate use.

    Okay but they did. The Working Party just doesn't like that they're not specific enough about it.

    Which, again, sounds needlessly picky and like bureaucratic nonsense.

    Emphasis mine:
    The letter wrote:
    Article 5(1)b GDPR provides inter alia that personal data shall be “collected for specified,
    explicit and legitimate purposes”. In its Opinion on purpose limitation, the WP29 has clarified
    that purposes specified by the controller must be detailed enough to determine what kind of
    processing is and is not included within the specified purpose, and to allow that compliance
    with the law can be assessed and data protection safeguards applied. Not all of the purposes
    enumerated in the Final Interim Model satisfy these requirements. Providing “legitimate
    access” to “accurate, reliable and uniform registration data”, for example, does not amount to
    a specified purpose within the meaning of article 5(1)b GDPR, as it does not allow to
    determine what kind of processing is or is not included, nor does it enable a subsequent
    assessment of compliance or compatibility in case access is provided.

    And then in the next paragraph:
    The WP29 stresses the importance of explicitly defining legitimate purposes in a way which
    comports with the requirements of the GDPR. It therefore urges ICANN to revisit its current
    definition of “purposes” in light of these requirements. Moreover, it notes that the purposes
    must be defined in a comprehensive and exhaustive manner. Use of the word “include”
    suggests that not all purposes are made explicit, which would also be incompatible with article 5(1)b GDPR.

    Note that they're picking at the fact that ICANN wants to provide access to this data, therefore ICANN has to more closely define not just the reasons they want the data, but why anyone else would want the data from ICANN. Which is a task that ICANN, rightfully, says is impossible.

    I'm probably ignorant to some big WHOIS scam, but from my standpoint I've always recommended that customers either hide their info or use shell contact info, so I really struggle to understand why the WP doesn't just exclude WHOIS from GDPR requirements. Or why they aren't making meaningful suggestions, rather than just criticisms. WHOIS is really fucking important to keep running, so maybe if the list of reasons needs to be exhaustive let's sit down and start writing.
    The working group is making useful suggestions.

    Also, it's ICANN's job to list the reasons. People have a right to know in which circumstances their private information will be shared, and how access will be protected.

    For example, Equifax might not have been able to give an exhaustive list of why everyone who had access to the data Equifax collected, but that's not a good thing.

    Also, there's one and only one legitimate use of WHOIS (personal) data. Other uses should not be accommodated, including by collecting data that is not absolutely essential for that legitimate use, and if someone is found to use WHOIS for illegitimate uses, then reasonable steps should be taken to limit their access.

    Really? I use it for several so I'm interested what your one true use is.

    Contact someone responsible for the domain to solve technical issues and for law enforcement. For example, DDOS originating from there.

    That's two, and I'm very skeptical that the WP would consider that specific enough.

    Twitch: Thawmus83
  • Sleep Registered User regular
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    As my understanding goes the information in WHOIS is used for a ton of shit, the data holders not being the only ones that use the data as the data is public data. Different sysadmins use WHOIS differently in their solutions.

    WHOIS is a tool a bunch of people use a bunch of ways.

    Essentially the letter is asking them to enumerate every possible way the data could be used, but ICANN doesn't know that answer, because they aren't the only folks consuming the data. The letter asks them to define a bunch of stuff they can't define.

    Like I can do a whois lookup, from my phone, just to figure out who owns a web host, and there's no telling what I'm doing with it in a technical or business aspect after that.

    They are trying to enumerate the schools of usage to give the entire tech industry a little leeway rather than having to... enumerate, specifically, every way, every single sys admin and business entity uses WHOIS data.
    If ICANN requires information to get a domain, they need to have an actual reason, not just "someone, somewhere is doing something with it."
    So yes, they have to enumerate what they are doing with it.
    Essential contact information, sure, that's fine to have mandatory. Someone's personal email, less so. Someone's address, very much less so.

    EDIT:
    Also, if someone is doing WHOIS lookups of essential contact information for non-legitimate purposes, such as building a mailing list, that's not ICANN's problem, as long as there's a good reason to allow unrestricted lookups of the essential contact information, and they get an "agreement" that it's used for that reason.
    Want to contact the owner of a domain for technical reasons, or to resolve any issues caused by their ownership of that domain? Use WHOIS.

    Okay then, what's the problem? I'm not parsing what the actual problem is if this isn't a problem.

    ICANN still need to define what is a legitimate use.

    Okay but they did. The Working Party just doesn't like that they're not specific enough about it.

    Which, again, sounds needlessly picky and like bureaucratic nonsense.

    Emphasis mine:
    The letter wrote:
    Article 5(1)b GDPR provides inter alia that personal data shall be “collected for specified,
    explicit and legitimate purposes”. In its Opinion on purpose limitation, the WP29 has clarified
    that purposes specified by the controller must be detailed enough to determine what kind of
    processing is and is not included within the specified purpose, and to allow that compliance
    with the law can be assessed and data protection safeguards applied. Not all of the purposes
    enumerated in the Final Interim Model satisfy these requirements. Providing “legitimate
    access” to “accurate, reliable and uniform registration data”, for example, does not amount to
    a specified purpose within the meaning of article 5(1)b GDPR, as it does not allow to
    determine what kind of processing is or is not included, nor does it enable a subsequent
    assessment of compliance or compatibility in case access is provided.

    And then in the next paragraph:
    The WP29 stresses the importance of explicitly defining legitimate purposes in a way which
    comports with the requirements of the GDPR. It therefore urges ICANN to revisit its current
    definition of “purposes” in light of these requirements. Moreover, it notes that the purposes
    must be defined in a comprehensive and exhaustive manner. Use of the word “include”
    suggests that not all purposes are made explicit, which would also be incompatible with article 5(1)b GDPR.

    Note that they're picking at the fact that ICANN wants to provide access to this data, therefore ICANN has to more closely define not just the reasons they want the data, but why anyone else would want the data from ICANN. Which is a task that ICANN, rightfully, says is impossible.

    I'm probably ignorant to some big WHOIS scam, but from my standpoint I've always recommended that customers either hide their info or use shell contact info, so I really struggle to understand why the WP doesn't just exclude WHOIS from GDPR requirements. Or why they aren't making meaningful suggestions, rather than just criticisms. WHOIS is really fucking important to keep running, so maybe if the list of reasons needs to be exhaustive let's sit down and start writing.
    The working group is making useful suggestions.

    Also, it's ICANN's job to list the reasons. People have a right to know in which circumstances their private information will be shared, and how access will be protected.

    For example, Equifax might not have been able to give an exhaustive list of why everyone who had access to the data Equifax collected, but that's not a good thing.

    Also, there's one and only one legitimate use of WHOIS (personal) data. Other uses should not be accommodated, including by collecting data that is not absolutely essential for that legitimate use, and if someone is found to use WHOIS for illegitimate uses, then reasonable steps should be taken to limit their access.

    Really? I use it for several so I'm interested what your one true use is.

    Contact someone responsible for the domain to solve technical issues and for law enforcement. For example, DDOS originating from there.

    Or to ask them if they'd like to sell you the DNS entry.

  • mrondeau Montréal, Canada Registered User regular
    Sleep wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Thawmus wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    As my understanding goes the information in WHOIS is used for a ton of shit, the data holders not being the only ones that use the data as the data is public data. Different sysadmins use WHOIS differently in their solutions.

    WHOIS is a tool a bunch of people use a bunch of ways.

    Essentially the letter is asking them to enumerate every possible way the data could be used, but ICANN doesn't know that answer, because they aren't the only folks consuming the data. The letter asks them to define a bunch of stuff they can't define.

    Like I can do a whois lookup, from my phone, just to figure out who owns a web host, and there's no telling what I'm doing with it in a technical or business aspect after that.

    They are trying to enumerate the schools of usage to give the entire tech industry a little leeway rather than having to... enumerate, specifically, every way, every single sys admin and business entity uses WHOIS data.
    If ICANN requires information to get a domain, they need to have an actual reason, not just "someone, somewhere is doing something with it."
    So yes, they have to enumerate what they are doing with it.
    Essential contact information, sure, that's fine to have mandatory. Someone's personal email, less so. Someone's address, very much less so.

    EDIT:
    Also, if someone is doing WHOIS lookups of essential contact information for non-legitimate purposes, such as building a mailing list, that's not ICANN's problem, as long as there's a good reason to allow unrestricted lookups of the essential contact information, and they get an "agreement" that it's used for that reason.
    Want to contact the owner of a domain for technical reasons, or to resolve any issues caused by their ownership of that domain? Use WHOIS.

    Okay then, what's the problem? I'm not parsing what the actual problem is if this isn't a problem.

    ICANN still need to define what is a legitimate use.

    Okay but they did. The Working Party just doesn't like that they're not specific enough about it.

    Which, again, sounds needlessly picky and like bureaucratic nonsense.

    Emphasis mine:
    The letter wrote:
    Article 5(1)b GDPR provides inter alia that personal data shall be “collected for specified,
    explicit and legitimate purposes”. In its Opinion on purpose limitation, the WP29 has clarified
    that purposes specified by the controller must be detailed enough to determine what kind of
    processing is and is not included within the specified purpose, and to allow that compliance
    with the law can be assessed and data protection safeguards applied. Not all of the purposes
    enumerated in the Final Interim Model satisfy these requirements. Providing “legitimate
    access” to “accurate, reliable and uniform registration data”, for example, does not amount to
    a specified purpose within the meaning of article 5(1)b GDPR, as it does not allow to
    determine what kind of processing is or is not included, nor does it enable a subsequent
    assessment of compliance or compatibility in case access is provided.

    And then in the next paragraph:
    The WP29 stresses the importance of explicitly defining legitimate purposes in a way which
    comports with the requirements of the GDPR. It therefore urges ICANN to revisit its current
    definition of “purposes” in light of these requirements. Moreover, it notes that the purposes
    must be defined in a comprehensive and exhaustive manner. Use of the word “include”
    suggests that not all purposes are made explicit, which would also be incompatible with article 5(1)b GDPR.

    Note that they're picking at the fact that ICANN wants to provide access to this data, therefore ICANN has to more closely define not just the reasons they want the data, but why anyone else would want the data from ICANN. Which is a task that ICANN, rightfully, says is impossible.

    I'm probably ignorant to some big WHOIS scam, but from my standpoint I've always recommended that customers either hide their info or use shell contact info, so I really struggle to understand why the WP doesn't just exclude WHOIS from GDPR requirements. Or why they aren't making meaningful suggestions, rather than just criticisms. WHOIS is really fucking important to keep running, so maybe if the list of reasons needs to be exhaustive let's sit down and start writing.
    The working group is making useful suggestions.

    Also, it's ICANN's job to list the reasons. People have a right to know in which circumstances their private information will be shared, and how access will be protected.

    For example, Equifax might not have been able to give an exhaustive list of why everyone who had access to the data Equifax collected, but that's not a good thing.

    Also, there's one and only one legitimate use of WHOIS (personal) data. Other uses should not be accommodated, including by collecting data that is not absolutely essential for that legitimate use, and if someone is found to use WHOIS for illegitimate uses, then reasonable steps should be taken to limit their access.

    Really? I use it for several so I'm interested what your one true use is.

    Contact someone responsible for the domain to solve technical issues and for law enforcement. For example, DDOS originating from there.

    Or to ask them if they'd like to sell you the DNS entry.

    That is not required for the DNS system to work.

  • Sleep Registered User regular
    Still something it's used for

  • AngelHedgie Registered User regular
    And this is yet another demonstration of the Ian Malcolm Problem. The issue isn't that the EU is going to "break" WHOIS, it's that techies once again used something because they could without considering the ramifications, and now that they are being considered, there's panic. Sorry, but I'm not seeing the argument for why the EU isn't right here.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • SatanIsMyMotor Fuck Warren Ellis Registered User regular
    You keep bringing up this Jurassic Park thing like it's a real thing and it isn't - at least not in context.
    We exploit systems as humans in nearly everything that we do. It's not always a bad thing and it's not always a good thing. Be it natural resources, the economy, technology, etc - it's literally how we've excelled as a species.

  • Sleep Registered User regular
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

  • mrondeau Montréal, Canada Registered User regular
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

  • Nyysjan Finland Registered User regular
    I'm 100% cool with there being no perfect anonymity in the internet.
    I'm also 100% opposed to having my contact information being given to random people without my say so.
    Private citizens have no need to be able to track me down, now if the police need it, then sure, go ahead, provided they get a proper authorization.

  • khain Registered User regular
    edited April 2018
    Phyphor wrote: »
    The purpose is to be able to contact the owner of the domain

    The internet doesn't require being able to contact the owner of every domain in order to function so if someone doesn't want their contact information publically available I don't see why it should be.

    One issue I have is that it seems like several people are suggesting that privacy is available if you understand the system and work around it and that makes it acceptable. This is the opposite of how it should work. The private option should be the default and if public access confers a benefit then owners can choose to make the information publically available.

    If law enforcement needs the information, then it should be private and accessible based on a valid request from law enforcement.

  • Sleep Registered User regular
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    no that folks should insulate themselves.

    I have a work phone and a private phone for example.

    If I was registering a domain I would attach it to its own phone number and email that is separate from the phone my friends and family call me on, or I would use my registrants privacy or proxy services which places them at the forefront of being annoyed but still holds up the background records for law enforcement and reporting reasons.

  • mrondeau Montréal, Canada Registered User regular
    Sleep wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    no that folks should insulate themselves.

    I have a work phone and a private phone for example.

    If I was registering a domain I would attach it to its own phone number and email that is separate from the phone my friends and family call me on, or I would use my registrants privacy or proxy services which places them at the forefront of being annoyed but still holds up the background records for law enforcement and reporting reasons.

    And if an IP under your control is DOSing something else, and your registrar is not picking up the phone, then your home address and phone number should be available to anyone who asks. Since this is clearly an emergency, we won't ask them to prove anything.

  • Thawmus +Jackface Registered User regular
    khain wrote: »
    Phyphor wrote: »
    The purpose is to be able to contact the owner of the domain

    The internet doesn't require being able to contact the owner of every domain in order to function so if someone doesn't want their contact information publically available I don't see why it should be.

    If law enforcement needs the information, then it should be private and accessible based on a valid request from law enforcement.

    So if I'm getting attacked by someone from X IP address, and I do a WHOIS lookup to figure out who the ISP is and who their abuse contact is, I should just pound sand?

    That sounds pretty bad. Law enforcement is far less interested in cyber crime than you think. Most issues are handled by two ISPs communicating with each other about an issue.
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    Really not how hiding it works. It's a filtered proxy, and the registrar still has your actual contact info. Stuff that I'm pretty sure a warrant could still retrieve, too.

    Twitch: Thawmus83
  • Sleep Registered User regular
    mrondeau wrote: »
    Sleep wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    no that folks should insulate themselves.

    I have a work phone and a private phone for example.

    If I was registering a domain I would attach it to its own phone number and email that is separate from the phone my friends and family call me on, or I would use my registrants privacy or proxy services which places them at the forefront of being annoyed but still holds up the background records for law enforcement and reporting reasons.

    And if an IP under your control is DOSing something else, and your registrar is not picking up the phone, then your home address and phone number should be available to anyone who asks. Since this is clearly an emergency, we won't ask them to prove anything.

    The point of the accredited registrar is that they are always available for such tasks.

  • mrondeau Montréal, Canada Registered User regular
    Sleep wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    no that folks should insulate themselves.

    I have a work phone and a private phone for example.

    If I was registering a domain I would attach it to its own phone number and email that is separate from the phone my friends and family call me on, or I would use my registrants privacy or proxy services which places them at the forefront of being annoyed but still holds up the background records for law enforcement and reporting reasons.

    And if an IP under your control is DOSing something else, and your registrar is not picking up the phone, then your home address and phone number should be available to anyone who asks. Since this is clearly an emergency, we won't ask them to prove anything.

    The point of the accredited registrar is that they are always available for such tasks.
    And today, they are not. It's clearly the most emerging of emergency, so the WHOIS system should return your full contact information immediately!

    More importantly, you don't get to know what the procedure is, or who can get your information.

  • Sleep Registered User regular
    mrondeau wrote: »
    Sleep wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    no that folks should insulate themselves.

    I have a work phone and a private phone for example.

    If I was registering a domain I would attach it to its own phone number and email that is separate from the phone my friends and family call me on, or I would use my registrants privacy or proxy services which places them at the forefront of being annoyed but still holds up the background records for law enforcement and reporting reasons.

    And if an IP under your control is DOSing something else, and your registrar is not picking up the phone, then your home address and phone number should be available to anyone who asks. Since this is clearly an emergency, we won't ask them to prove anything.

    The point of the accredited registrar is that they are always available for such tasks.
    And today, they are not. It's clearly the most emerging of emergency, so the WHOIS system should return your full contact information immediately!

    More importantly, you don't get to know what the procedure is, or who can get your information.

    they would be in breach of current protocol and would lose their accreditation to provide such services in the future. They would totally fuck their business plan. The registrar answers the phone.

  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    Having a contact doesn't mean having your contact info, but being able to contact a domain owner is still useful, whether for a technical reason (DNS problems, email spam, etc) or a legal one (copyright claims and such) or even just identifying if a domain is owned by who they say they are

    Here's a domain I own, behold my contact info. I suppose the country in the address matches my home address
    https://www.whois.com/whois/phyphor.com

  • HamHamJ Registered User regular
    And this is yet another demonstration of the Ian Malcolm Problem. The issue isn't that the EU is going to "break" WHOIS, it's that techies once again used something because they could without considering the ramifications, and now that they are being considered, there's panic. Sorry, but I'm not seeing the argument for why the EU isn't right here.

    That is the issue. If the EU have written a law that will break the internet for them without thinking through a proper implementation or consideration of technical details that is a huge problem. And a perfect exemplar of why people are concerned that governments will write a bunch of bad laws that don't work.

    While racing light mechs, your Urbanmech comes in second place, but only because it ran out of ammo.
  • discrider Registered User regular
    I don't understand why the EU law doesn't allow companies to declare to their customers: "Yeah we are going to give all your info to all the people"
    Like that applies as much to Whois lookups as accessing someone's Facebook page.

    Perhaps there's a clause in the law that states that you need to provide specific use-cases for people who can access multiple records at a time, and so Whois is in breach because everyone can do that but Facebook is not.

  • mrondeau Montréal, Canada Registered User regular
    edited April 2018
    Phyphor wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    Having a contact doesn't mean having your contact info, but being able to contact a domain owner is still useful, whether for a technical reason (DNS problems, email spam, etc) or a legal one (copyright claims and such) or even just identifying if a domain is owned by who they say they are

    Here's a domain I own, behold my contact info. I suppose the country in the address matches my home address
    https://www.whois.com/whois/phyphor.com

    Then no one at Contact Privacy Inc. knows who you are, or how to contact you?
    EDIT: Also, in case it's not clear, this is not just about the WHOIS service, this is mainly about the information kept by registrars in order to be able to be registrars.

  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    edited April 2018
    mrondeau wrote: »
    Phyphor wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    Having a contact doesn't mean having your contact info, but being able to contact a domain owner is still useful, whether for a technical reason (DNS problems, email spam, etc) or a legal one (copyright claims and such) or even just identifying if a domain is owned by who they say they are

    Here's a domain I own, behold my contact info. I suppose the country in the address matches my home address
    https://www.whois.com/whois/phyphor.com

    Then no one at Contact Privacy Inc. knows who you are, or how to contact you?
    EDIT: Also, in case it's not clear, this is not just about the WHOIS service, this is mainly about the information kept by registrars in order to be able to be registrars.

    Well sure they do, or at least the registrar does and I assume they told or will tell them as needed, I dunno I just ticked the privacy option. At the very minimum the registrar needs to know because they need to be able to talk to you

  • mrondeau Montréal, Canada Registered User regular
    Phyphor wrote: »
    mrondeau wrote: »
    Phyphor wrote: »
    mrondeau wrote: »
    Sleep wrote: »
    also no we know exactly why we did it, so that you could in fact identify nodes on the internet. So that folks can't hide behind total anonymity in a completely ephemeral space we have no ability to investigate or connect to the real world.

    And yet you said that people should hide their identity.

    Having a contact doesn't mean having your contact info, but being able to contact a domain owner is still useful, whether for a technical reason (DNS problems, email spam, etc) or a legal one (copyright claims and such) or even just identifying if a domain is owned by who they say they are

    Here's a domain I own, behold my contact info. I suppose the country in the address matches my home address
    https://www.whois.com/whois/phyphor.com

    Then no one at Contact Privacy Inc. knows who you are, or how to contact you?
    EDIT: Also, in case it's not clear, this is not just about the WHOIS service, this is mainly about the information kept by registrars in order to be able to be registrars.

    Well sure they do, or at least the registrar does and I assume they told or will tell them as needed, I dunno I just ticked the privacy option. At the very minimum the registrar needs to know because they need to be able to talk to you

    And there you go. That's the point: how that information is kept and released must be documented and justified.
    That's all the GDPR requires, in this case.

    If it turns out that contact information is not required, then it's not required to provide it to get a domain.

  • mrondeau Montréal, Canada Registered User regular
    HamHamJ wrote: »
    And this is yet another demonstration of the Ian Malcolm Problem. The issue isn't that the EU is going to "break" WHOIS, it's that techies once again used something because they could without considering the ramifications, and now that they are being considered, there's panic. Sorry, but I'm not seeing the argument for why the EU isn't right here.

    That is the issue. If the EU have written a law that will break the internet for them without thinking through a proper implementation or consideration of technical details that is a huge problem. And a perfect exemplar of why people are concerned that governments will write a bunch of bad laws that don't work.
    They have not. There's nothing in the GDPR that will break the Internet, or even WHOIS.

  • redx I(x)=2(x)+1 whole numbers Registered User regular
    edited April 2018
    meh.

    They moistly come out at night, moistly.
  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    But the information is available publicly. It's just not my personal information, it's a proxy. ICANN doesn't even know any information on that domain except for what is there

    Anyway, in order to get a .eu domain you need to provide everything, name, address, phone, email to the registrar. It's just that if you are not a business they only publish email in whois and not address or phone #

  • mrondeau Montréal, Canada Registered User regular
    Phyphor wrote: »
    But the information is available publicly. It's just not my personal information, it's a proxy. ICANN doesn't even know any information on that domain except for what is there

    Anyway, in order to get a .eu domain you need to provide everything, name, address, phone, email to the registrar. It's just that if you are not a business they only publish email in whois and not address or phone #
    ICANN is the one who decides what registrars must have, and what must be published, and how.

  • Phyphor Building Planet Busters Tasting Fruit Registered User regular
    mrondeau wrote: »
    Phyphor wrote: »
    But the information is available publicly. It's just not my personal information, it's a proxy. ICANN doesn't even know any information on that domain except for what is there

    Anyway, in order to get a .eu domain you need to provide everything, name, address, phone, email to the registrar. It's just that if you are not a business they only publish email in whois and not address or phone #
    ICANN is the one who decides what registrars must have, and what must be published, and how.

    Yeah but it doesn't look like they're seeking to change that, they only object to one part. And there's already a solution that ought to be acceptable, so instead of requiring deprecation of a useful service that's as old as the internet itself, just require any registrar doing business in Europe offer anonymization at no cost?

  • mrondeau Montréal, Canada Registered User regular
    Phyphor wrote: »
    mrondeau wrote: »
    Phyphor wrote: »
    But the information is available publicly. It's just not my personal information, it's a proxy. ICANN doesn't even know any information on that domain except for what is there

    Anyway, in order to get a .eu domain you need to provide everything, name, address, phone, email to the registrar. It's just that if you are not a business they only publish email in whois and not address or phone #
    ICANN is the one who decides what registrars must have, and what must be published, and how.

    Yeah but it doesn't look like they're seeking to change that, they only object to one part. And there's already a solution that ought to be acceptable, so instead of requiring deprecation of a useful service that's as old as the internet itself, just require any registrar doing business in Europe offer anonymization at no cost?
    The GDPR and the working group are not requiring deprecation.

  • Dedwrekka Metal Hell adjacent Registered User regular
    khain wrote: »
    Phyphor wrote: »
    The purpose is to be able to contact the owner of the domain

    The internet doesn't require being able to contact the owner of every domain in order to function so if someone doesn't want their contact information publically available I don't see why it should be.

    One issue I have is that it seems like several people are suggesting that privacy is available if you understand the system and work around it and that makes it acceptable. This is the opposite of how it should work. The private option should be the default and if public access confers a benefit then owners can choose to make the information publically available.

    If law enforcement needs the information, then it should be private and accessible based on a valid request from law enforcement.

    WHOIS is also very useful for the free press. Being able to find out who is running what servers and disseminating information has proven important in investigative journalism well before 2016. Not just journalism but general cybersecurity, as it allows researchers and computer security companies to blacklist known problem sites and alert their DNS to what problem sites have been doing. This is an important part of how cybersecurity works.

    Accurate WHOIS info also prevents scams, people posing as other entities, and helps with dealing with IP theft. Now, personally I think the last one is applied too heavy-handedly, but I also think it's important that it exists and can be regulated without having to file a police report every time.

    Also, there's no such thing as "good guy key" security. If it's accessible to law enforcement, it's accessible to bad actors as well. You cannot encrypt the protocol such that only law enforcement can handle it.

  • AngelHedgie Registered User regular
    So, you know how Facebook said that they were going to push GDPR protections worldwide?

    Anyone surprised that they were lying through their teeth?
    Facebook has quietly altered its terms of service, making stricter Irish data protection laws no longer binding on the vast majority of its users. The revision was first reported Wednesday by Reuters.

    Now, Facebook’s headquarters in California will be responsible for processing any relevant legal claims, and American law will be binding for those outside the EU.

    Previously, CEO Mark Zuckerberg had said Facebook would implement new EU rules "everywhere." While Facebook may claim that it is offering EU-style control globally, removing this provision in its own terms of service suggests that the company is trying to mitigate its potential legal liability.

    "We want to be clear that there is nothing different about the controls and protections we offer around the world," the company wrote in a public blog post on Tuesday. However, this doesn't appear to apply to the specific legal terms, but it is limited, instead, to the features in Facebook itself.

    Prior to the change, Facebook users not only in the European Union, but worldwide—outside of the United States and Canada—were subject to Irish laws as they had signed a contract with Facebook Ireland Limited.

    Irish data laws will now only apply strictly to EU users. By eliminating the link to Irish data-protection law, Facebook is removing 1.5 billion users from the EU's new General Data Protection Regulation, which goes into effect next month.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • Jazz Registered User regular
    I wonder where that leaves us UK users post-Brexit.

  • AngelHedgie Registered User regular
    Jazz wrote: »
    I wonder where that leaves us UK users post-Brexit.

    Fucked, if Zuckerberg has his way.

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • TryCatcher Registered User regular
    So, here's the next congressional hearing about Facebook:
    House Republicans have invited Diamond and Silk, two conservative video bloggers who were deemed “unsafe” by Facebook after becoming online sensations, to testify next week about allegations of bias online.

    The hearing, set for Thursday before the House Judiciary Committee, comes as Republicans accuse Facebook, Google and Twitter of favoring the liberal points of view popular in Silicon Valley and censoring conservative opinions. All three companies have been invited to attend the hearing but have not said whether they will.

  • Dedwrekka Metal Hell adjacent Registered User regular
    Oh good, let's just ignore that they let radical right, and left, groups host pages on Facebook, and Twitter lets the radical right run a network of bots as a force multiplier, but the one time where Facebook responded within a week apologizing and said it was wrong, that's definitely proof that they're leftists censoring the right?

    Also, holy shit senators this is supposed to be about how social media company data leaks are becoming a huge problem. Maybe stop trying to prove your conspiracy theories that they're trying to kill the right, and actually deal with the damn problem you're there to deal with?

  • Aistan Tiny Bat Registered User regular
    Well that's going to be a miserable hearing to watch.

  • Nyysjan Finland Registered User regular
    Republicans are radicals.
    Of course they will accuse social media of being leftists if they so much as look like attempting some moderation of radical elements.
