RE: [dow1tf] Latest version of Preliminary Report (v .2)

[Paul Stahura <stahura@xxxxxxxx>]

4) Summary of Technical Measures used by Registrars to stop data mining.

Today, registrars use a combination of techniques in an effort to thwart
data mining. One of these is CAPTCHA (completely automated public Turing
test to tell computers and humans apart) whereby the registrar will display,
for example, a gif image of a series of letters and where the user must
decipher the image and manually enter the series of letters displayed in
order to gain access to the registrar's web-based interface to its whois
information.  This technique does not work via the existing port-43
specification.  Additionally, registrars monitor the number of requests made
from IP addresses and limit this number to a set amount.  The registrars
call this technique "speed bumping" and they use it to limit mining on
port-43 and via the web.  Neither of these techniques is foolproof.  For
example, speed bumping can be defeated because professional miners can
easily gain access to many IP addresses (thousands) and perform automated
whois lookups from each one that are below the threshold, which forces the
registrars to lower the threshold for everyone.  Also, CAPTCHA systems are
defeated because miners can display the CAPTCHA image, say, in order to gain
access to a porn site, and use the answer given by the human wishing access
to that site in the response at the registrar, or the miner could use
sophisticated OCR (optical character recognition) software to do the trick.
Despite these flaws, the registrars do believe that these systems do work in
most cases, especially on their web-based public whois interfaces, to limit
data mining and at a very minimum increase the costs to the data miner.



-----Original Message-----
From: owner-dow1tf@xxxxxxxxxxxxxx [mailto:owner-dow1tf@xxxxxxxxxxxxxx] On
Behalf Of Neuman, Jeff
Sent: Tuesday, May 04, 2004 6:28 AM
To: 'dow1tf@xxxxxxxxxxxxxx'
Subject: [dow1tf] Latest version of Preliminary Report (v .2)

All,

Here is the latest version of the Preliminary Report.  We are still waiting
for a number of different submissions from people before we can finalize.  I
am prepared to ask the Council for some more time to finalize the report,
but we need to be showing an effort to getting the work done.  Rather than
taking any votes today, lets work on further refining some of the sections
of this report.

We are waiting for the following:

1)  Description of Process:  Barbara Roseman
2)  Summary of Needs and Justifications from Previous Workshops:  Jeremy
Banks
3)  Summary of Needs of Registrars:  Paul Stahura
4)  Summary of Technical Measures used by Registrars:  Paul Stahura and
Wendy Seltzer
5)  In addition, everyone needs to begin thinking about how our
recommendations will affect their own constituency.

Talk to you all later.

Jeff

Thanks.

 <<Whois TF 1 - Preliminary Report v 0.2.doc>> 

Jeffrey J. Neuman, Esq. 
Director, Law & Policy 
NeuStar, Inc. 
Loudoun Tech Center 
46000 Center Oak Plaza 
Building X 
Sterling, VA 20166 
p: (571) 434-5772 
f: (571) 434-5735 
e-mail: Jeff.Neuman@xxxxxxxxxx