RE: [registrars] .net thick/thin discussion

[Paul Stahura <stahura@xxxxxxxx>]

Have you seen two thick registry's web-based whois output?
There is no mining protection, at the very least its not up to today's
standards.
Why?  Because the registries have no incentive.

It leaks like a sieve.

1) The email addresses are in machine readable format, which are easily
screen-scrapable.
2) There is no CAPTCHA-type limit on queries either.
3) The legal:
"NOTICE: Access to .INFO WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in the Afilias
registry database. The data in this record is provided by Afilias Limited
for informational purposes only, and Afilias does not guarantee its
accuracy. This service is intended only for query-based access. You agree
that you will use this data only for lawful purposes and that, under no
circumstances will you use this data to: (a) allow, enable, or otherwise
support the transmission by e-mail, telephone, or facsimile of mass
unsolicited, commercial advertising or solicitations to entities other than
the data recipient's own existing customers; or (b) enable high volume,
automated, electronic processes that send queries or data to the systems of
Registry Operator or any ICANN-Accredited Registrar, except as reasonably
necessary to register domain names or modify existing registrations. All
rights reserved. Afilias reserves the right to modify these terms at any
time. By submitting this query, you agree to abide by this policy."

This language, in my interpretation, does not limit anyone from mining all
the whois (getting the information via repeated queries either from one IP
address while limiting the queery rate to one just below the threshold
enforced by Afilias (their definition of "high volume"), which threshold
happens to be too high, or they could just use multiple IP addresses) and
using it to:
1) send out as many US-postal mailings as they want to anyone they want.
2) to send out as many email solicitations to the miner's own "customers"
3) compile it and then resell it in it entirety 

Many registrars have modified their language to something other than the
above years ago.  Why?  Because we are incented to.  If we do not then the
registrants move to a registrar who does.  There is no similar incentive at
the registry.  To change just the legal part of the registry's output, we'd
have to 
1) all agree on updated language
2) go through a lengthy ICANN process to get the registry to change, and
probably have to give up something else in the process.
Just to get this changed to what we already can do (and do do) ourselves.

This is but one reason why I oppose a thick registry model.
But if you want to send your whois to the registry, I'm fine with that, I
just do not want to be forced to.  That is why I'm for Bruce's proposal.


Paul