ICANN ICANN Email List Archives

[At-Large Advisory Committee]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [alac] GAO Report on Domain Names

  • To: "Wendy Seltzer" <wendy@xxxxxxxxxxx>
  • Subject: Re: [alac] GAO Report on Domain Names
  • From: "John L" <johnl@xxxxxxxx>
  • Date: 8 Dec 2005 21:02:21 -0500

I know people, in the US and elsewhere, who tell me that they use WHOIS
info all the time to track down real spammers, but Wendy apparently thinks
that they're lying to me.

You know I didn't say that, just that I doubt it's a big piece of the overall picture, and that its value in catching spammers doesn't seem to outweigh the privacy and anonymity harms, in its current form.

You may not have said it in so many words, but the message is clear, you don't believe that WHOIS is useful for catching spammers and other crooks. I know people who find WHOIS, imperfect though it is now, extremely useful for tracking down serious spammers. The crooks often lie, but their lies have patterns that are clear to the experienced eye, and sometimes for whatever reason their info is real. The people telling me this are real people who do this every day.


I also have seen no evidence whatsoever that the current WHOIS rules cause any privacy or anonymity harm at all, particularly with the pseudonym service like Godaddy's available. What I do see in sites with fake whois is a lot of plain old fraud, along with a lot of low-level scams and libel that are not quite worth the cost to the victim of going the legal route. For example, I got a message from a guy in a small Indian Ocean country, the Maldives, I think, telling me that while his computer was in the shop someone found nude pix of his wife and had been posting them in a variety of places that he couldn't trace due to fake contact info. The cops weren't interested, and he didn't have any further resources to track down the miscreants. People with reasonable privacy concerns, like a guy I know who would rather his nutty ex-wife not resume stalking him, are handled just fine by pseudonyms.

The missing item in the whole anonymity argument is that just about nobody I've seen arguing for anonymous speech is willing to take any responsibility for it. (John Gilmore is one of the few exceptions, and his mail server is on everyone's blacklist since the anonymous material he forwards is all spam.) If you think anonymous speech is so great, set up Wendy's Wonderful Writing Wall to which people can post via TOR or any other one-way channel you like, and give people the anonymous forum that they apparently need. If you're not willing to do it and take the heat, why should anyone else?

IP WHOIS is certainly useful, but I don't understand the assumption that
domain WHOIS can all be fake, but IP WHOIS is all true.  Why should that
be so?  You need IP addresses to publish stuff just as much as you need
domains, probably more.

Internet attacks come from IP addresses, whether or not those addresses have associated domain names.

Indeed. So does e-mail. So do web sites. What's the point here?

IP WHOIS generally provides information at a higher level of generality, identifying the ISP who owns the netblock but not the individual user, so it often doesn't create such striking privacy concerns, or their associated reasons for falsifying data.

That's a historical coincidence, and it's not particularly true. Web farms with RWHOIS servers often provide contact info down to the individual customer and IP address.


You can have a mail or web server with an IP and no domain name, but you can't have either with a domain name and no IP. IP addresses are essential for online speech, anonymous or otherwise. Why isn't it equally important to make them anonymous?

Regards,
John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy