Re: [alac] GAO Report on Domain Names

[Wendy Seltzer <wendy@xxxxxxxxxxx>]

At 11:43 AM 12/8/2005 -0500, John R Levine wrote:

> I know people, in the US and elsewhere, who tell me that they use WHOIS
> info all the time to track down real spammers, but Wendy apparently thinks
> that they're lying to me.

You know I didn't say that, just that I doubt it's a big piece of the 
overall picture, and that its value in catching spammers doesn't seem 
to outweigh the privacy and anonymity harms, in its current form.


> IP WHOIS is certainly useful, but I don't understand the assumption that
> domain WHOIS can all be fake, but IP WHOIS is all true.  Why should that
> be so?  You need IP addresses to publish stuff just as much as you need
> domains, probably more.

Internet attacks come from IP addresses, whether or not those 
addresses have associated domain names.
IP WHOIS generally provides information at a higher level of 
generality, identifying the ISP who owns the netblock but not the 
individual user, so it often doesn't create such striking privacy 
concerns, or their associated reasons for falsifying data.

--Wendy


> Regards,
> John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet 
> for Dummies",
> Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
> "I dropped the toothpaste", said Tom, crestfallenly.

--
Wendy Seltzer -- wendy@xxxxxxxxxxx
Visiting Assistant Professor of Law, Brooklyn Law School
Fellow, Berkman Center for Internet & Society
http://cyber.law.harvard.edu/seltzer.html
Chilling Effects: http://www.chillingeffects.org