ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] scammers using whois privacy

  • To: "Hugh Dierker" <hdierker2204@xxxxxxxxx>, "Roberto Gaetano" <roberto@xxxxxxxxx>, "'Karl Auerbach'" <karl@xxxxxxxxxxxx>
  • Subject: Re: [ga] scammers using whois privacy
  • From: "kidsearch" <kidsearch@xxxxxxxxxxxxx>
  • Date: Sat, 6 Jan 2007 11:49:47 -0500
  • Cc: "'Dena Whitebirch'" <shore@xxxxxxxxxx>, "'ga'" <ga@xxxxxxxxxxxxxx>
  • References: <314230.68380.qm@web52901.mail.yahoo.com>
  • Sender: owner-ga@xxxxxxxxxxxxxx

Answers below once again for Hugh.

  ----- Original Message ----- 
  From: Hugh Dierker 
  To: kidsearch ; Roberto Gaetano ; 'Karl Auerbach' 
  Cc: 'Dena Whitebirch' ; 'ga' 
  Sent: Saturday, January 06, 2007 10:15 AM
  Subject: Re: [ga] scammers using whois privacy


  I have two adult daughters. I do not want just anyone being able to obtain the whois data for any reason what so ever. As for my adult wife the same holds true.

  We agree 100%. Now if your wife starts asking for people to put their credit card info into her website, then I do not agree her info should be hidden.

  I do not want people getting these types of infos for spamming purposes.

  Neither do I. I also do not want the spammers to be able to hide their whois info. Let's compare telemarketers to spammers. Good analogy I believe. US law says that you can put your name on a do not call list and telemarketers who call you anyway can be fined. However, this protection does not apply top any telemarketing calls that a business gets. It only applies to residential telemarketing. If you use that phone number for business telemarketers can call you. Before the do not call list there was and still is a law that says telemarketers may not call you after 9pm. However, once again, it only applies to your home phone number and not to your business number. We have a history of separating these two issues. I only advocate that people who accept money through their website as a business have their information public. Personal website owners and nonoprofits that ask for no money would not have to make their information public. The credit card companies, paypal, and others could solve it immediately. They could require that info to be public if you use their payment services.

  I do not want someone using my info and pretending to be me.

  I hope you shred your mail and your trash at home. Most identity thieves get your info at those two places. There is not enough info in whois to allow identity theft. There is in your trash and in your mailbox however. 

  I do not want only the rich to have to ability to circumvent the rules but others cannot.

  The rich can also buy a boat and the poor cannot. Equality is the ideal, but reality says that you cannopt have true equality especially in the capalistic societies like the US. I agree with you ideally. However, I'm not advocating that the rich be able to hide their identity and the poor not be able to. Just that business owners who ask for your money through their website be required to have readily available public information to protect consumers.

  I do not want to be subject to frivilous claims by anyone who can just look up the necessary data, with out have to show preliminary cause.

  Preliminary cause can include the fact that I want to know who you are before entering my credit card information into your webpage form.

  e

  kidsearch <kidsearch@xxxxxxxxxxxxx> wrote:
    I can list several reasons and have listed them why the whois information is a good thing for consumers, but haven't seen a list of good reasons why it should be hidden.


      ----- Original Message ----- 
      From: Hugh Dierker 
      To: kidsearch ; Roberto Gaetano ; 'Karl Auerbach' 
      Cc: 'Dena Whitebirch' ; 'ga' 
      Sent: Friday, January 05, 2007 8:07 PM
      Subject: Re: [ga] scammers using whois privacy


      I think we have a breach in language here. Users of lists, do just that, use lists. Keepers of lists, obviously do that - keep the list. The DMV example does not make the General public free users of the list. It is restricted to those with a genuine well established need to know.
      Our WHOIS should be the same and all we should argue about is the protocols and criterion for that need to know is. And of course never ever in multiples.

      e

      ps. There is always that gal Sally who likes white chocolate and flowers that might bend the rules just this once ;-}



      kidsearch <kidsearch@xxxxxxxxxxxxx> wrote:
        I don't have a problem with the dmv concept as long as the average user can access the information. Yes one record at a time is sufficient.

        It's funny that it's being advocated that domain holders have a rigjht to priivacy, but anyone requesting information would have to disclose all that info that Karl suggested.

        So the domainer has the right to privacy, but the requester of info does not?

        Karl that sounds more like something ICANN would consider rather than you. They use double standards all the time. You usually don't.

        Chris McElroy aka NameCritic
        http://www.articlecontentprovider.com

          ----- Original Message ----- 
          From: Hugh Dierker 
          To: Roberto Gaetano ; 'Karl Auerbach' ; 'kidsearch' 
          Cc: 'Dena Whitebirch' ; 'ga' 
          Sent: Thursday, January 04, 2007 9:07 AM
          Subject: RE: [ga] scammers using whois privacy


          This is not first for data control. Look at the model used by DMV of California. The data base is closed to the "general" public. But procedures are in place for someone with a real need to access the information. But only one a time. 
          I do not believe spammers have the time or cost effectivenes to justify getting ones' indenty one at a time and declaring under penalty of perjury a legitimate need.
          (this of course has different criteria for law enforcement.)

          Karl is right on the money here and we have over a decade to prove it.
          Why would such intellent engineer folk want to reinvent the wheel.

          e

          Roberto Gaetano <roberto@xxxxxxxxx> wrote:
            Karl Auerbach wrote:

            > 
            > And one of the curative measures that seems to constantly 
            > escape the minds of ICANN is that *before* any person should 
            > be allowed to examine whois information that person ought to 
            > be required to declare, in writing, into a permanent and 
            > public archive the following things:

            [snip]


            I have always problems with statements like "ICANN does not understand" or
            the like.
            Sure, some people in the ICANN Board or staff or community might be in that
            situation, maybe others do understand but cannot change the situation,
            others do understand, but disagree, and so on with a variety of approaches
            and behaviours that is, IMHO, one of the richness of this environment.

            This said, I would like to state what is *not* the opinion of ICANN, or at
            least not necessarily, but is *my* opinion.

            The matter is extremely complex and far from having one single simple
            solution, as the exchange btw. Chris and Karl has shown. For me, the real
            problem, besides the fact that there are different opinions and interests
            (which is part of the given landscape, and a constraint that cannot be
            changed), is the fact that we are trying to use the WhoIs for different
            things, that are only loosely connected with the purpose for which the
            system was designed.

            Karl, or anybody who has a longer experience than myself with the subject,
            are welcome to correct me if I am wrong, but the initial purpose of the
            WhoIs, and its importance for security and stability matters, is to be able
            to identify an entity that can respond if there is a problem with the
            corresponding resource (name or address). This does not imply in any way
            identification of the owner of the resource, quite the contrary, in the vast
            majority of the cases this is an agent with some kind of authority delegated
            by the owner. While I agree that the ultimate responsibility stays with the
            owner, there is no need to identify the owner in an emergency situation.

            May I use an example. Suppose I own a domain name, and suppose that I use
            some kind of hosting services for the website. Suppose that my domain name
            is used as a relay by a spammer or scammer for his/her activities. It would
            not do any good to contact me, because in my ignorance of the internet
            technology I would barely understand what they are talking about, ;et alone
            to be able to do something to cure the problem. The fact is that, under the
            assumptions above, I pay a provider for a service, and if anybody can
            intervene, it is the technical staff of the provider, not me.

            This for what I understand to be the original purpose of the WhoIs. Another
            aspect is to identify, once the emergency has been fixed by the technical
            staff, the responsible party who has to pay for the damages, so to speak.
            This is a completely different ball game,and although we could use the WhoIs
            for storing this kind of information, I personally continue to fail to see
            any reason for having this information publicly available.

            The problem raised by Chris is a legitimate, but complex one. I don't think
            that it would be an appropriate use of the WhoIs to be a repository for
            information that have to do with the contents of a web site. The problem of
            being able to trust a web site is (again IMHO, not necessarily in the
            Board's opinion) something that is related to the trade or other activity
            performed on the web site. In simple words, there is the case of the
            ecommerce site that claims to sell goods that will never be delivered, but
            also the site who gives false information making believe they are an
            important news agency, or a fake university that claims to give degrees, or
            whatever. I am absolutely convinced that it is the trade organization that
            should react to put measures in place as safeguards to the consumers, in
            exactly the same way we do have brand protections, guaranteed origin marks
            for producers, quality labels, and so on. In short, since illegal activities
            do damage the honest traders, the community of the trade has to put in place
            measures to protect the traders (and the consumers).

            I don't know if we are going to see certificates on websites that guarantee
            the contents of the website from the ecommerce point of view, but I do
            believe that bodies like the ICC should be looking at this, and that this
            solution is more appropriate than to bend the WhoIs system to do something
            that it was not designed to do, and also oblige the customers to do searches
            for which they might be not technically skilled for rather than being
            prompted with some visible sign that will give them the sufficient
            confidence that the site can be trusted.

            Roberto
            (in my personal capacity)




          __________________________________________________
          Do You Yahoo!?
          Tired of spam? Yahoo! Mail has the best spam protection around 
          http://mail.yahoo.com 


      __________________________________________________
      Do You Yahoo!?
      Tired of spam? Yahoo! Mail has the best spam protection around 
      http://mail.yahoo.com 


  __________________________________________________
  Do You Yahoo!?
  Tired of spam? Yahoo! Mail has the best spam protection around 
  http://mail.yahoo.com 


<<< Chronological Index >>>    <<< Thread Index >>>