-
Blogs
-
News
-
Industry
-
Community
-
Topics
The company that manages the .name top-level domain registry is charging for access to domain registration information (Whois data), a step that security researchers say frustrates their ability to police the Internet and creates a haven for hackers who run internet scams.
Although it is traditionally required by ICANN that domain name registrars make the Whois data publicly searchable, Global Name Registry (GNR), which administers .name (a domain intended for use by individuals e.g., johndoe.name), won the right to create tiered levels of Whois access, where public searches show very little information beyond what registrar sold the name and what name servers the site uses. The site sells five passwords, good for 24 hours only, for $2.
Read full story: Wired News
Related topics: DNS, Domain Names, Registry Services, ICANN, Security, Top-Level Domains, Whois
To post comments, please login or create an account.
MobileSponsored bydotMobi | |
DNSSponsored byNeustar UltraDNS | |
DNSSECSponsored byAfilias | |
SecuritySponsored byVerisign | |
Top-Level DomainsSponsored byMinds + Machines |
The .name Whois functionality is a compromise between the ICANN policies and the legacy of Whois as a service anyone could use to look up anyone, and the EU Data Protection Act.
It is an important principle in the Act that people must be able to register for the service without thereby necessarily disclosing their private information to the world. Compare with the ability of getting a phone number without necessarily putting it and all personal details in the White Pages. From a privacy point of view, this means that .name Registrants are more protected from data harvesters and spammers on .name than on most other domains. At the same time, we, as much as others, want to ensure that people violating laws and policies can be tracked down and sites taken down when required.
The compromise position is the .name Whois - where anyone can get basic, non-personal information, that has real technical and operational use. With the basic information, the Registrar, host and nameserver operators can be tracked down and the domain can be taken off line. However, for those in need of detailed personal information, the .name Whois provides it, provided that the requestor can be identified, either via 1) a token payment, or 2) a contract with Global Name Registry for persistent access for special interest groups, like law enforcement. The latter is free, the former a token $2, which raises the barrier for spammers so as to make spam uneconomical, and is low enough to be irrelevant for genuinely needed requests (which as it turns out, are extremely few).
So in summary, to be clear - there is no payment required for those entering into the Whois Extensive Agreement, which offers full, instant manual access to those with legitimate interests.
We believe this is the best possible compromise between two very different positions, one legal (EU Data Protection Act), the other legacy (Whois as a fully open tool for anyone) - on one side, that personal information should be protected, and on the other side, that bad registrations and illegal conduct should be identified and remedied.
Hakon Haugnes
President
Global Name Registry
WHOIS policy is a no-win situation for the registries… if they're wide-open, they're criticized for violating privacy, and if they impose limitations they're criticized for shielding abusers.