TL;DR? It's worth reading, BUT, if not — ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible.
PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime.
M3AAWG has submitted at least three comments in this regard, but that's not how ICANN works, they consider numbers of submissions to be more important than who is making a statement. M3 with hundreds of member companies, counts for one vote.
Do it now; it is time for the security community to stand up strong to this nonsense. Thanks.
Coalition Against Unsolicited Commercial Email
Rant shared with permission:
Subject: ICANN WHOIS Replacement Work
Date: March 24, 2017 at 4:05:52 PM GMT-4
We have been trolling them with facts for a month now. I learned a lot about that group in that time. Here's a blood pressure boosting wall-of-text rundown:
The group is a bunch of registrars and "right to be forgotten" privacy people. They want to kill DomainTools and all similar services.
The "privacy" advocates want domain ownership to be anonymous without a court order. They have no concern about privacy violation caused by criminals. They don't care that anonymous free speech is already available or that the domain system they are trying to create will be tremendously dangerous for dissidents and so forth to trust. They want to create privacy by forcing us to delete data we have collected from public sources. They are extremist fanatics with ideas unburdened by knowledge. People on this mailing list have done far more to protect privacy than these so called advocates.
And for the registrars, it appears they are intent on saving money as they don't want to deal with the complaints or maintenance of whois. They seem uninterested in the fact that their small savings will cause huge losses for someone else. Some are dismissive of law enforcement, and some have spoken hostile words about Spamhaus, where the only other mouths I have heard such words from belonged to spammers. The arrogance from some of them is palpable.
I am not exaggerating. The list archives are public, and you should decide for yourself.
I don't want this to be an entirely negative reactionary issue. There are opportunities. If enough people *who actually use WHOIS and own domains* participate, we can make WHOIS better.
- Have you ever been irritated with a bad domain that enjoys the benefits of WHOIS privacy?
- Have you ever been irritated that a registrar makes you visit their website and answer a CAPTCHA to see the WHOIS record, only to find out their website is broken?
- Have you ever been irritated with a registrar that gives your search warrants the middle finger and discloses no whois?
- Have you ever been irritated with registrars that minimize their exposure on DomainTools(and other WHOIS archivers) so they can appeal to abusers?
If we don't participate, the risk is that bad policy hurts the Internet while increasing the profit of a minority. It has happened before. Here are some past ICANN policy issues:
- The .ZIP TLD, apparently no one involved saw a potential problem, but they certainly saw profits
- An explosion in general of TLDs that increased profits for registrars, with few controls on price abuse to the benefit of registries and the expense of everyone else.
- Companies spending hundreds of thousands of dollars to get a TLD, and domains on new TLDs- to prevent anyone else from using their name.
Make no mistake, killing our visibility will reduce the money they spend on abuse complaints and subpoenas. It is insane that this minuscule industry dictates policy that increases risk for the global financial system.
In case you didn't see this, here is a list of quotes said in earnest by people who ICANN is taking policy input from. Feel free to cross reference them with the public archives, and you will see that they absolutely believe this, and that they dominate the conversation:
"Shit Registrars Say"
On defenders losing access to WHOIS:
"Buhu my work will get harder"
On law enforcement stating that access is crucial:
"Good thing that police are law "enforcement" not legislators. They can ask for anything they like, it is not like it has legal binding status. It is a wish list, nothing more..."
Stepping on toes:
"Harvesting and storage of whois data to be re-wrapped and sold is illegal and many registrars state this on the terms and conditions.
storage of whois data is illegal unless it was for a lawful purpose and the only one I can think of is transfers.
This will step on some registrars toes as well as [Brand Protection professional]'s toes who have a business model around the supply of whois data for commercial gain (namely charging for it)."
On the legality of Domaintools and WHOIS archives:
"Who says we need a Whois Archive? The GDRP have explicitly a section about the right to be forgotten, that will say all records deleted!
The way f.ex Domaintools operate today are not in the terms of a lot of whois providers conditions and in some cases illegal"
On what you can do with WHOIS data you query:
"Depends on the terms you accept when you make the whois inquiry. You may be violating the terms of the registrar or registry providing the whois service. "
Feel free to share my observations with others(TLP:GREEN) because we should spread awareness. This is regulatory capture at significant expense to us but we can stop it. Participate, vote, and we can make ICANN great again.
You can join the ICANN working group via this page. There is no barrier to entry, no cost, and no minimum requirement beyond filling out a statement of interest.
We've played bad cop/worse cop enough. Yall to show up and say something. Right now our community's concerns receive mockery and disrespect. You need more than one voice there. You need a multitude. These people need to become a minority.
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
Afilias - Mobile & Web Services
.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»