A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more
There's a thread on NANOG to the effect that Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked from Dotster over to MelbourneIT and it has pretty well taken panix.com and its customers offline. Looks like this may be among the first high-profile unauthorized transfer under the new transfer policy. It begs the question, despite the existence of the dispute policy under the new system, what provisions should there be for a situation like this where every hour causes untold damage to the party in question... more
Recently, I entered my domain name in a "WHOIS" database query to test the results of the database by using WHOIS on a number of domain name registrar websites. WHOIS is a database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names. I was astonished to find... more
I'm going to try something new here. I'm sitting here at the ICANN meeting on whois and I'll try to jot down some of my thoughts as they occur to me in reaction to what is being said:
- What is the "purpose" of whois? When a person acquires a domain name he/she has a decision to make: whether he/she will give the vendor/registrar his/her personal information? (If not, the person might have to forego getting the name, but that's his/her choice.) It seems that that is the context in which we need to evaluate the "purpose" of whois. In other words, the person relinquishes the information for the purpose of acquiring a domain name and not the broad panopoly of uses that have grown around whois. more
There are two Bills that are floating through the corridors of power on the Hill that could potentially change the course of civil and political rights within the United States and the world. One was introduced through the House of Representatives and the other through the Senate. The two Bills touch on a common thread that are premised on "national security" however there are interesting challenges that will surface should the Bills be passed that affect global public interest that require further examination, introspection and discussion. more
Al Bode is typical of the many small, individual domain name holders throughout the United States and the world. He is a high school teacher of the Spanish language, not a techie, and he registered the domain IOWAWLA.ORG to provide an online presence for the Iowa World Language Association, a professional association for foreign-language educators in the US State of Iowa, of which he is a member. This domain could in no way be considered a commercial venture. In his own words, "I am a school teacher from Iowa whose websites are personally funded for the express purpose of education. There is no profit motive or even profit other than the knowledge that others may gain from my website." more
John LoGalbo - a "law enforcement" type - is complaining how long it takes him to issue a subpoena. My thought is this: Why should our privacy suffer because his organization can't get its procedural act together?
I am incensed - he is simply stating a conclusion that his targets are "criminals" and that, to go after them, he wants to throw away all legal processes and procedures - so much for the fourth, fifth, sixth, and fourteenth amendments. more
For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more
Before starting I'd like to remind you that there are two distinct Whois systems -- the one for IP address delegations and one for DNS registrations. I believe that the former is a useful system in which there are clear utility values that outweigh the privacy costs, and in which the person whose privacy is exposed has made a knowing choice. I do not believe that these arguments apply to the latter, the DNS, form of Whois. more
ICANN has submitted the first report of what will be a series of annual reports summarizing its "expierince" with the Whois Data problems and inaccuracies. While emphasizing that "ICANN-accredited registrars are obligated by the terms of their accreditation agreements to investigate and correct any reported inaccuracies," the report provides the following conclusions: more
The fact that the market for mobile phones that provide Internet access (aka "smart phones") is predicted to increase during the next several years, with global shipments growing to an impressive nearly 125 million units in 2009, means the competition for bridging mobile content and mobile phone use is likely to be keen. Indeed, dotMP already must face competition for registry services that will target mobile phone users. A few of the biggest names in information technology and mobile communications -- led by Nokia and including Microsoft, Vodafone, HP, Orange, Samsung and Sun Microsystems are planning to wedge into the Top-level Domain name space (TLD) by supporting a new TLD registry for mobile web content focused on web pages built specifically for access by mobile devices like smart phones and handheld computers or Personal Digital Assistants (PDAs)... what may set dotMP apart from the technology giants led by Nokia, is a significant value added benefit to its domain name registration services...it will protect the privacy of its registrants. more
One of my pet peeves is the headline "n %" of email is spam, it is inherently misleading, and conveys no useful data. I guess it makes for great newspaper headlines then! On our servers looking at one email address for 4 hours, we saw 208 attempted connections for SMTP traffic referring to this email address. ...One can't measure spam in relation to the amount of genuine email, because the amount of genuine email is not connected to the amount of spam... more
I've discussed the role of the Internet in creating and propagating lies in a previous post, noting that Donald Trump lied more frequently than Hillary Clinton or Bernie Sanders during the campaign. Now let's look at fake news like the claim that Pope Francis had endorsed Trump. The fake post features the following image and includes a "statement" by the Pope in which he explains his decision. more
John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more
According to RFC1034, "cnn.com" and "cnn.com." should be the same domain names. However, it doesn't appear that programmers always understand that trailing dots can be added to domain names. Web servers also can't seem to agree what to do with a period at the end of a host name. IIS, thttp, and Akamai's Web server all get confused while Apache doesn't seem to care. How much other software behaves incorrectly because of a trailing period on a domain name? Can spam-filtering software be bypassed with dotted email addresses? Here is a situation when bad things can happen -- "WebShield SMTP infinite loop DoS Attack"... more
A World-Renowned Source for Internet Developments. Serving Since 2002.