<<<
Chronological Index
>>> <<<
Thread Index
>>>
My experiences with the WHOIS database and why I would abolish it
- To: whois-rt@xxxxxxxxx
- Subject: My experiences with the WHOIS database and why I would abolish it
- From: Markus Hanauska <hanauska@xxxxxxxxxx>
- Date: Wed, 16 Mar 2011 14:01:01 +0100
I have spent many years with actively fighting spammers during the nineties and
the WHOIS database was always a valuable source of information during that
time. Things have changed, though. Already near the end of my spam fighting
career the WHOIS database became increasingly less valuable because of fake
address entries and proxy services. No matter how much effort the ICANN puts
into the WHOIS database, it is not possible to restore its early stage, too
many things have changed within the last ten years. This is a fight that costs
only plenty of time, resources and money, and the outcome is clear before it
has even started: The ICANN is going to lose it.
They are going to lose it because even I used faked WHOIS data for my domains
and nobody ever noticed that. You might say, I should know better, after all I
had to work with WHOIS data on a daily basis, but I'm also a human being and
thus I have privacy concerns like anyone else in the world. Some people are
more concerned with privacy than other people, however, when you do things like
fighting spam, you offend a lot of people and thus you have to take measures to
protect yourself and your family from harassment (and if it is only to avoid
that somebody calls you 50 times a night). I gave up fighting spam long ago
because this fight was equally lost as the fight for an error free WHOIS
database; but that is a different matter.
I understand that having something like a central registry of domain owners (or
multiple separated by country or by TLD) might be important in some cases, the
question is, does it rally have to be a public one? Let me throw in an analogy
that has been used thousands of times the past years: "cars". There are very
little topics most countries of the world can agree on, but one of those topics
is the use of "vehicle registration plates". Most countries on earth require
that cars (and other traffic vehicles) must have a license plate. What for?
Among many possible reasons, one of the main reasons certainly is to determine
the car owner. Why not just writing the name of the car owner onto the plate?
Names are not unique. Why not writing name and full street address onto it? I
don't know, but I know that license plates haven been around for longer than
cars. The first plates were used for horse-drawn hackney carriages (1884) and
already at that time the name hasn't been used.
Of course having license plates is pointless if there is no (central?) database
that stores the owner information behind a specific plate. Whether the
government needs to find the owner for collecting taxes or whether the police
needs to find the owner because the car was used in a criminal offense, those
institutions can have access to this database if necessary. However, how many
of these database allow public, free access to every interested party in the
world? I know that certain cantons of Switzerland allow that (sometimes for
free, sometimes only for a fee, and sometimes only after a registration and the
number of lookups per certain time period limited), but I claim in most parts
of the world this is not possible and also not necessary.
If WHOIS gets abolished by tomorrow, the decentralized database of today still
exists; it's just not public any longer. Nobody can tell me there is a domain
registrar that has no such database of their customers. How are they going to
contact their customers or collect their annual fees otherwise? And of course
could the police get access to those data in case of a criminal investigation,
either only through court order or possibly even without; this is question of
local law and nothing the ICANN has to worry about. Another major concern is
usually how can a normal Internet user contact a domain owner without public
WHOIS access? The question must rather be: Why would a normal Internet user
have to do that in the first place and why couldn't registrars offer a form on
their web page to contact domain owners, without revealing any data about them
and internally forward the requests to the e-mail address they know of their
customers? Such a form would be sufficient in 99.9% of all cases and if it is
only used to ask the domain owner for a postal address or phone number, if
e-mail may not be the right communication medium for the matter.
The days where quick domain owner contact was necessary to quickly resolve
technical difficulties of the Internet are long over. If a domain points to a
server offering any (public?) services, the company hosting the server (which
might be another company than the domain registrar) also has the full contact
information of their customer. And network admins of two peering networks
certainly have exchanged their contact information a long time ago and will not
make a WHOIS lookup if there is a routing problem between the networks to find
out whom to contact.
My personal opinion is that by making all WHOIS data private, the quality of
the data will improve dramatically and it will improve much more than any
attempt of the ICANN to strictly enforce the current policies ever will improve
it. The majority of domain owners are neither spammers nor criminals and this
holds true for the majority of domain owners with fake WHOIS address data, too.
They are just people worried about their privacy and the reason for not using
their real contact data is not that they don't want "anyone" in the world to
know those data, they just don't want the whole world to know it; this is a
huge difference. If they get assured that their contact data will be protected
as much possible and only when absolutely unavoidable that data might ever be
revealed to a third party, a lot more people will be willing to refrain from
using fake address data.
Even services like Facebook had to learn that users want control over their
private data and it is one thing to share this data with the world after asking
the user explicitly for their agreement and sharing the data unasked. Revealing
one of my many e-mail address in the WHOIS database wouldn't even be a private
concern to me, but already my full name is nothing that the world needs to
know, since WHOIS data has also been collected and copied to other databases
over the years and those make reverse look-ups possible (e.g. not who is the
owner of a domain, but which domains does a certain person own) and I
absolutely see no reason why the world has to know which domains I have
registered; I consider this equally private as the world doesn't have to know
which car I drive, at which supermarket I buy food, or which company has
produced the underwear I currently wear. Having secrets and keeping certain
information private doesn't make you criminal or a bad person, does it? And as
long as the ICANN plays Facebook in its early years, people will fight back
their privacy by faked names, faked address data, and proxy services where
available and the number of those people will rather increase than decrease in
the years to come.
--
Markus Hanauska, Senior Software Developer
equinux AG / equinux USA, Inc.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|