CircleID

Dear Gavin:

I agree 100% with you ! a Thin Registry might be a drawback… in terms of registrant security.

Note: If you think that a thin registry is less safer than a thick registry… so, imagine if you buy a subdomain from centralnic ! Which is basicaly a registrant ! Dont you agree that is much less safer ?

Best,

Ricardo Vaz Monteiro
Nomer.com

Gavin

Sorry if this is a really dumb question, but what about domains with "whois privacy"? In a thick registry is the "real" data held by the registry or the registrar? I was under the impression that it was held by the registrar that provides the privacy service.

Michele

Hi Michele,

You're right that a thick registry approach wouldn't solve the issue of proxy registrations, which is certainly problem for many Registerfly customers. Here are a couple of suggestions.

First, proxy registration services should start to escrow their own data. If I were a reputable proxy registration company, I'd set this up right now and start advertising it as a selling point - it would definitely place them at a competitive advantage given the negative publicity around RegisterFly. This would encourage other proxies to do likewise, and pretty soon it would either be ubiquitous, or only the "bad guys" wouldn't advertise that they escrow, in which case it's an obvious clue to the consumer. The market can be used to regulate out bad behaviour.

My second suggestion is to implement something at the registry level to ensure privacy of contact data. This is clearly a much more difficult thing to achieve: we've seen how little progress the community has made regarding WHOIS reform. But I imagine something like the system we use at CentralNic: a contact object can be marked as "invisible" in our system so that it isn't directly visible in the whois, but is available to registrars via EPP and other mechanisms (and subject to data disclosure and information privacy rules), and can still be released by the registry to parties with a legitimate interest. This also has the benefit of simplifying matters for law enforcement, IP lawyers and volunteer spam and botnet fighters - they have a single point of contact for IP infringement queries, rather than having to contact individual registrars who may or may not co-operate.

I don't advocate the thick model as a 100% solution but I think it will help us get closer to 100%, and I am sure that other people smarter than I will have their own suggestions.

Gavin

At least I'm not losing my mind (though after last week I'm sure I lost a few brain cells).

From what I can gather the registrants that opted for Registerfly's privacy service are going to have to prove that they are the rightful owners of their domains, which is going to be awkward at best.

Hopefully companies offering whois privacy services will pick up on your suggestion and that the entire community can benefit from RegisterFly's mistakes

Michele