Domain privacy explained

Domain privacy (often called Whois privacy) is a service offered by a number of domain name registrars.[1] A user buys privacy from the company, who in turn replaces the user's information in the WHOIS with the information of a forwarding service (for email and sometimes postal mail, it is done by a proxy server).

Level of anonymity

Registrars typically collect personal information to provide the service. Some registrars take little persuasion to release the so-called 'private' information to the world, requiring only a phone request or a cease and desist letter.[2] [3] [4] Others, however, handle privacy with more precaution, using measures including hosting domain names offshore and accepting cryptocurrencies for payment so that the registrar has no knowledge of the domain name owner's personal information (which would otherwise be transmitted with credit card transactions). It is debatable whether or not this practice is at odds with the domain registration requirement of the Internet Corporation for Assigned Names and Numbers (ICANN).

Privacy by default

Some top-level domains have privacy caveats:

Privacy forbidden

Implications

The Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires the mailing address, phone number, and e-mail address of those owning or administrating a domain name to be made publicly available through the "WHOIS" directories. However, that policy enables spammers, direct marketers, identity thieves, or other attackers to use the directory to acquire personal information about those people. Although ICANN has been working to change WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.[17] However, with the offer of private registration from many registrars, some of the risk has been mitigated.

Researchers in the industry have worked on improving the design of the domain name system, in order to reduce the likelihood of attackers compromising the infrastructure. They have done so by allowing for varying options and adjusting the guidelines of how they operate.[18]

Litigation

With the help of "private registration", the service can be the legal owner of the domain. This has occasionally resulted in legal problems. Ownership of a domain name is given by the organization name of the owner contact in the domain's WHOIS record. There are typically four contact positions in a domain's WHOIS record: owner, administrator, billing, and technical. Some registrars will not shield the owner organization name in order to protect the ownership of the domain name.[19]

There has been at least one lawsuit against Namecheap, Inc. for its role as owner/registrant;[20] Namecheap lost its motion to dismiss. Silverstein v. Alivemax, et al. Los Angeles Superior Court Case Number BC480994 was dismissed in May 2014.[21] Silverstein is well known for his anti-spam and email privacy campaigns, most notably in the case of William Silverstein v Keynetics, Inc., No. 17-15176 (9th Cir. 2018), but this was decided for Keynetics in March 2018.[22]

Ownership of domains held by a privacy service was also an issue in the RegisterFly case, in which a registrar effectively ceased operations and then went bankrupt. Customers encountered serious difficulties in regaining control of the domains involved.[23] ICANN has since remedied that situation by requiring all accredited registrars to maintain their customers' contact data in escrow. In the event a registrar loses its accreditation, gTLD domains, along with the escrowed contact data, will be transferred to another accredited registrar.[24]

See also

External links

Notes and References

  1. Elliott. Kathryn. The who, what, where, when, and why of WHOIS: Privacy and accuracy concerns of the WHOIS database. SMU Sci. & Tech. L. Rev..
  2. Web site: Private domains not so private? . . 2005-08-15 . 2016-02-03 .
  3. Web site: More on Domains By Proxy . Thomas Roessler . 2003-04-15 .
  4. Web site: proxy fight [Domains-by-proxy update] | author=Wendy Seltzer | date=2003-04-11 | access-date=2008-06-16 | url=http://wendy.seltzer.org/blog/archives/2003/04/11/proxy_fight_domains_by_proxy_update.html | url-status=dead | archive-url=https://web.archive.org/web/20080605230455/http://wendy.seltzer.org/blog/archives/2003/04/11/proxy_fight_domains_by_proxy_update.html | archive-date=2008-06-05 .
  5. Web site: Change of nic.at Whois policy . nic.at GmbH . Nic.at . 2010-05-21 . 2014-05-05 . https://web.archive.org/web/20140606215347/http://www.nic.at/en/uebernic/current_issues/nicat_news/news_view/article//aenderung-der-whois-policy-bei-nicat/ . 2014-06-06 . dead .
  6. Web site: Information service - Lookup - Internet Domains. 2021-01-30. www.nic.ch.
  7. Web site: DENIC Putting Extensive Changes into Force for .DE Whois Lookup Service by 25 May 2018.
  8. Web site: .eu domain name WHOIS policy. 2016-04-29 . EURid.
  9. Web site: AFNIC Data publication and access policy. 2017-06-26 . AFNIC.
  10. Web site: 2022-05-30 . La politica del Registro .it sul Database dei Nomi Assegnati (DBNA) e sul servizio WHOIS . NIC.it.
  11. Web site: SIDN anonimiseert whois-gegevens. Van Miltenburg. Olaf. 12 January 2010. nl. SIDN anonymizes whois data. 4 September 2014. Tweakers.
  12. Web site: SIDN implements Whois changes from 12 January 2010. 1 January 2010. SIDN. https://web.archive.org/web/20100129030637/http://www.sidn.nl/ace.php/c,728,6253,,,,SIDN_implements_Whois_changes_from_12_January_2010.html. 29 January 2010. 4 September 2014.
  13. Web site: Nominet WHOIS Opt Out . Nominet .
  14. Web site: NIC.BR . Núcleo de Informação e Coordenação do Ponto BR . April 25, 2022 . Contrato para registro de nome de domínio sob o ".br" . Contract for registration of domain name under ".br" . registro.br . Portuguese . III. estar ciente de que parte dos dados informados pelo REQUERENTE no momento de requisição de registro de nome de domínio ficarão disponíveis à consulta pública por meio do serviço de diretório do REGISTRO.br. Esses dados são publicados para permitir a identificação dos responsáveis pelos domínios registrados sob o ".br", de forma a garantir a transparência na atividade de registro e a responsabilização daqueles que utilizarem esse recurso de forma abusiva, tornando a Internet mais segura e a sua governança mais transparente a toda sociedade. a) Para domínios de titularidade de pessoa jurídica serão publicados o nome empresarial, número do CNPJ, país, nome do responsável, endereço, telefone, dados do contato titular e do contato técnico. b) Para domínios de titularidade de pessoa física, serão publicados o nome, CPF, país, dados do contato titular e do contato técnico..
  15. Web site: Registry.in . Terms and Conditions for registrants .
  16. Web site: Domain Privacy and Australian Domain Names Domain Registration AU.
  17. Web site: The Privacy Conundrum in Domain Registration. Act Now Domains. 26 March 2013. 7 March 2023. https://web.archive.org/web/20230307052709/http://www.actnowdomains.com/the-privacy-conundrum-in-domain-registration.htm. dead.
  18. Khormali . Aminollah . Park . Jeman . Alasmary . Hisham . Anwar . Afsah . Saad . Muhammad . Mohaisen . David . 2021-02-11 . Domain name system security and privacy: A contemporary survey . Computer Networks . 185 . 107699 . 10.1016/j.comnet.2020.107699 . 1389-1286. 2006.15277 .
  19. Web site: 1 Introduction & Background to Whois Generic Names Supporting Organization. 2021-04-20. gnso.icann.org.
  20. Web site: SolidHost v Namecheap.
  21. Web site: Case Summary - Online Services - LA Court. www.lacourt.org. 2018-08-13.
  22. News: Silverstein v Keynetics, Inc. 2018-08-13. en.
  23. Web site: Anger and fear as domain firm slowly implodes. Computer Business Review. February 21, 2007. December 11, 2013.
  24. Elliott. Kathryn. 2009. The Who, What, Where, When, and Why of WHOIS: Privacy and Accuracy Concerns of the WHOIS Database. Science and Technology Law Review. 12. 2020-10-30. 2023-03-29. https://web.archive.org/web/20230329192904/https://cpb-us-w2.wpmucdn.com/smulawjournals.org/dist/8/7/files/2018/11/4_The-Who-What-Where-When-and-Why-of-WHOIS_-Privacy-and-Accurac.pdf. dead.