Have you hugged your WHOIS privacy provider today?

Rob Monster · Nov 8, 2019

Many registrars provide WHOIS privacy services. I won't name ours because that would be promotional, strictly forbidden by Namepros moderators and severely punished! However, I do simply want to acknowledge that running a compliant WHOIS privacy proxy services in 2019 is a bunch of work, especially if a UDRP action is involved. This case reveals a changing tone on privacy.

I am attaching a procedural document from a WIPO panelist who is giving me a hard time in a case where the respondent asked me to dump their domain. It now happens routinely that a complainant's counsel won't simply accept the domain name, but rather will turn the matter into a drawn-out case with multiple interrogatories, wasting everyone's time for a domain that the complainant would prefer to hand over.

In this particular case, the registrant had previously advised us that he was not interested in defending a UDRP on his domains, which in this case was one domain in a large portfolio of .CO domains. So, in the interest of pragmatism, we sought to settle the matter. In the process, we would save the complainant some fees. Win-win and less work in the end. So, did that work out? Nope!

WHOIS privacy compliance is getting harder and harder. The active discussions at ICANN, including this week in Montreal, further reinforce the direction that Law Enforcement and Regulatory authorities want, which is to be able to pierce the privacy veil whenever they darned well please. I have an issue with that and have stated my position without equivocation in the ICANN Registrar Stakeholder Group.

Nevertheless, the policy changes with RDAP march forward, and it is rapidly approaching a foregone conclusion that a pillar of online privacy is being toppled right now in the closing months of 2019.

Our WHOIS privacy service which shall not be named is in fact an ICANN compliant WHOIS privacy proxy. It is a separate legal entity set up for the express purpose of serving as an ownership proxy for the registrant. From a legal perspective, the WHOIS privacy proxy is the registrant's agent.

All this said, I have been unequivocal that at Epik we do not protect people who are engaged in criminality. If there is a court order, we comply. Beyond that, we have openly stated that known criminality is not operating in a protected class at Epik. The job of discernment is not an easy one but it is comes with the territory. So, make sure to hug your WHOIS privacy provider. They have your back more than you know!

Rob Monster · Nov 11, 2019

NicTraders said:
Ah, fair enough. So, is Anonymize the legal registrant of my domains when I have privacy turned on? Or was this a special case?...

When privacy proxy is turned on, the privacy proxy entity is the legal registrant of the domain according to the WHOIS record. Per ICANN, the registrant must be a natural person or a valid legal entity.

dande · Nov 11, 2019

Dear Rob,

What is .o doing in your registrar? Can you explain the reasons and purpose of adding it in your list?

I have just been deceived into registering it, thinking it was ICANN approved extention, only to read your disclaimer email thereafter.

I am a notice to the .O extention. Please, kindly explain.

Yours sincerely,
Dan.

dande · Nov 11, 2019

^^I mean *novice not notice.^^

Pls I may be wrong. Kindly explain sir.

NicTraders · Nov 11, 2019

Rob Monster said:
When privacy proxy is turned on, the privacy proxy entity is the legal registrant of the domain according to the WHOIS record. Per ICANN, the registrant must be a natural person or a valid legal entity.

Interesting to know. Thanks.

trelgor · Nov 11, 2019

Rob Monster said:
When privacy proxy is turned on, the privacy proxy entity is the legal registrant of the domain according to the WHOIS record. Per ICANN, the registrant must be a natural person or a valid legal entity.

NicTraders said:
Interesting to know. Thanks.

So. What is the legal use of a proxy service legal registrant? The registrant is still the registrant, and it is the registrant that is bound by the requirements of the registration, should a dispute arise, right? And the registrar is bound by regulations to relay any dispute notice to the registrant. Am I missing something?

Rob Monster · Nov 11, 2019

trelgor said:
So. What is the legal use of a proxy service legal registrant? The registrant is still the registrant, and it is the registrant that is bound by the the registration, should a dispute arise, right? And the registrar is bound by regulations to relay any dispute notice to the registrant. Am I missing something?

The privacy proxy is the respondent to the UDRP until the proxied person is disclosed. The point of this thread is that there is unprecedented pressure to compel disclosure of the identity of the person who is being proxied to the point that there is an air of "presumptive close" and entitlement on the part of the UDRP process to know the identity of the proxied person. That is actually very new as far as I know it.

trelgor · Nov 11, 2019

I didn’t know proxies could be respondents. Thanks.

Rob Monster · Nov 11, 2019

dande said:
Dear Rob,

What is .o doing in your registrar? Can you explain the reasons and purpose of adding it in your list?

I have just been deceived into registering it, thinking it was ICANN approved extention, only to read your disclaimer email thereafter.

I am a notice to the .O extention. Please, kindly explain.

Yours sincerely,
Dan.

.O is one of a few "Alt TLDs". It is here:

https://registrar.epik.com/prices/registration/alt

We'll try to make this more obvious at checkout but the short of it is that it is a resilient domain, more functional than the Blockchain-based alternatives that are being tested elsewhere.

7363824 · Nov 11, 2019

1) I am glad to see a privacy provider who is not only free but also dosent unmask for just any request.

2) why would a UDRP panel even need to force unmasking? Seriously can someone provide a reason behind this? It seems to me a UDRP is filed served to the privacy provider and forwarded by them to the registrant without unmasking. IF the registrant wants to they can choose to identify themselves as the owner and defend it or not and let the panel decide solely on the complaint. If there is a need to take it beyond UDRP my understanding is a case can be filed against the domain name without knowing who the registrant is and the same process would apply which leaves the owner in control. The only time the owner should be identified without their consent IMO is pursuant to a court order obtained by law enforcement showing cause that the domain is engaged in illegal activity and even then unmasking shouldn't be public but done privately to law enforcement directly for them to continue their investigation.

Rob Monster · Nov 11, 2019

Ryan217 said:
1) I am glad to see a privacy provider who is not only free but also dosent unmask for just any request.

2) why would a UDRP panel even need to force unmasking? Seriously can someone provide a reason behind this? It seems to me a UDRP is filed served to the privacy provider and forwarded by them to the registrant without unmasking. IF the registrant wants to they can choose to identify themselves as the owner and defend it or not and let the panel decide solely on the complaint. If there is a need to take it beyond UDRP my understanding is a case can be filed against the domain name without knowing who the registrant is and the same process would apply which leaves the owner in control. The only time the owner should be identified without their consent IMO is pursuant to a court order obtained by law enforcement showing cause that the domain is engaged in illegal activity and even then unmasking shouldn't be public but done privately to law enforcement directly for them to continue their investigation.

To recap, this a case of a registrant who is not interested in funding an attorney to defend a domain that is worth less than the cost of hiring counsel to present a case, or to pay a fee to request a 3-person panel versus a sole panelist.

The function of WIPO should be to streamline dispute resolution, not engage in bounty hunter operations from a panelist that was never not appointed by WIPO.

In the meantime, I talked to a respected UDRP attorney today who has prevailed in tough UDRP cases. He fully agrees that there appears to have been a shift in tenor. The attempt at presumptive close on a forced de-cloaking of a privacy-protected registrant is a new pattern.

The other new pattern is the panelist sending interrogatories rather than deferring to ICANN on a compliance inquiry. Why? Seems mighty odd -- someone is out of their lane. I am hoping this is an isolated event and not a sign of an expanded mandate from unelected persons at a central authority.

7363824 · Nov 12, 2019

My point is more simply put a privacy proxy service should not ever have to disclose the registrant for UDRP but rather forward the notice to them. I see nothing to be gained by forcing the deanonimization of the domain owner. I'm happy to see a registrar and proxy service that stands up for its customers.

I fully understand your customers choice in this matter as I myself have several domains that are only worth 1-2k and I got so cheap that I could not justify the expense of defending a UDRP against them.

Rob Monster · Nov 12, 2019

Ryan217 said:
My point is more simply put a privacy proxy service should not ever have to disclose the registrant for UDRP but rather forward the notice to them. I see nothing to be gained by forcing the deanonimization of the domain owner. I'm happy to see a registrar and proxy service that stands up for its customers.

I fully understand your customers choice in this matter as I myself have several domains that are only worth 1-2k and I got so cheap that I could not justify the expense of defending a UDRP against them.

Yes, you nailed the issue.

And our compliance team did submit a response to WIPO today.

King · Nov 13, 2019

Sometimes I want to know who owns the domain & seeing the privacy provider annoys me.

Rob Monster · Nov 13, 2019

DigitalRoar said:
Sometimes I want to know who owns the domain & seeing the privacy provider annoys me.

Well, a service coming online service called WHOQ.com will hopefully make that experience suck a bit less. The registrant can then optionally describe themselves without fully decloaking. They can also receive secure messages without handing out their contact details.

Silentptnr · Nov 14, 2019

@Rob Monster

Perhaps you could answer this question for me. If I elect to use privacy protection, does that prevent the registrar from selling my info to spammers?

I don't usually use privacy, but seems my telephone does not stop ringing. Is there a separate opt out for that?

Rob Monster · Nov 14, 2019

Silentptnr said:
@Rob Monster

Perhaps you could answer this question for me. If I elect to use privacy protection, does that prevent the registrar from selling my info to spammers?

I don't usually use privacy, but seems my telephone does not stop ringing. Is there a separate opt out for that?

I doubt registrars are selling your info.

What can happen is that you buy a domain and the domain is briefly in your name and then your privacy proxy is overlaid.

Also, some registrars force you to de-cloak before you can transfer out as if removing anonymity should be some requirement to change registrars. That would be nonsense.

At Epik, privacy is enabled by default and it is easy and free to add and remove at will. If you use privacy, there is a forwarding email address.

We have a RDAP solution coming online that will still use privacy, so that means that the registrant data we will publish even through RDAP will be the legal entity on record, which can be Anonymize, Inc.

I am not sure which other registrars are holding the line on registrant privacy with RDAP. I bet not many.

Silentptnr · Nov 14, 2019

Rob Monster said:
I doubt registrars are selling your info.

What can happen is that you buy a domain and the domain is briefly in your name and then your privacy proxy is overlaid.

Also, some registrars force you to de-cloak before you can transfer out as if removing anonymity should be some requirement to change registrars. That would be nonsense.

At Epik, privacy is enabled by default and it is easy and free to add and remove at will. If you use privacy, there is a forwarding email address.

We have a RDAP solution coming online that will still use privacy, so that means that the registrant data we will publish even through RDAP will be the legal entity on record, which can be Anonymize, Inc.

I am not sure which other registrars are holding the line on registrant privacy with RDAP. I bet not many.

Thanks @Rob Monster . I just crossed you and Epik off my list of suspects.

Rob Monster · Nov 14, 2019

Silentptnr said:
Thanks @Rob Monster . I just crossed you and Epik off my list of suspects.

Check the emails you are getting. The can come through the privacy proxy, e.g. [email protected]. We do spam-filter, but some stuff does go through. However, we don't publish your stuff without permission, and that was even well before GDPR blew through.

Silentptnr · Nov 14, 2019

Rob Monster said:
Check the emails you are getting. The can come through the privacy proxy, e.g. [email protected]. We do spam-filter, but some stuff does go through. However, we don't publish your stuff without permission, and that was even well before GDPR blew through.

It's the phone calls.

Rob Monster · Nov 14, 2019

Silentptnr said:
It's the phone calls.

Definitely not us. I get them too. I mark their phone numbers as spam -- they mostly use the same numbers so it is easy to ignore them. Same with the other scam callers -- they don't have that many phone numbers.

frank-germany · Nov 14, 2019

Silentptnr said:
@Rob Monster

Perhaps you could answer this question for me. If I elect to use privacy protection, does that prevent the registrar from selling my info to spammers?

I don't usually use privacy, but seems my telephone does not stop ringing. Is there a separate opt out for that?

use your cell number
and block unwanted calls
in blocking the caller
on the phone itself

NamesMax · Nov 14, 2019

frank-germany said:
use your cell number
and block unwanted calls
in blocking the caller
on the phone itself

I did this with the main reason I moved to privacy...Indian website companies.

otismo · Nov 14, 2019

just reg'd some .o's

can't add them to my hosting account

how do I add content?

Rob Monster · Nov 19, 2019

Updates here on this thread:

- A UDRP was resolved this week without disclosing a registrant beyond that the domain was held by Anonymize, Inc. The domain will go to the complainant.

- A number of folks have noted that some registrars do require you to remove their WHOIS privacy to transfer out. There is a free solution there, which is to use Anonymize.com WHOIS privacy first and set the WHOIS to Anonymize.com before initiating a transfer. Per ICANN, that update may require a 60-day wait to move it, but it means that if/when you sell or transfer the domain, you don't have to de-cloak.

- I did see some chatter this week in some blogs about the prospect that there is a push to penalize registrants if they lose in UDRP, essentially forcing them to defend themselves since a loss by default would come with some reputation cost. That is essentially a Draconian forced tax on a process that is increasingly rigged against the registrant. @Zak Muscovitch and others are thankfully vigilant here.

Our marketing team has reached out to ICA this week about joint programs to help grow the ICA member base to add support. I hope to give out some free ICA memberships soon as a way to expand the support of ICA in parts of the world where ICA membership would be a luxury for some.

trelgor · Nov 20, 2019

ICA memberships are not priced effectively.

Have you hugged your WHOIS privacy provider today?

Do you use WHOIS privacy and count on it to protect your privacy? Sort by votes

Yes, absolutely, I am about being in control of my identity

Yes, but the privacy proxy needs lots of wiggle room to comply with disclosure requests

Yes, but I have just about accepted that I live in a fish bowl and I have no privacy anyway!

No, I am an open book. Come at me Bro!

No, I don't use it because I am too lazy or don't care about privacy plus I love spam

This thread is stupid

Founder of EpikTop Member

Attachments

Founder of EpikTop Member

Premium DomainsTop Member

Premium DomainsTop Member

Top Member

Top Member

Founder of EpikTop Member

Top Member

Founder of EpikTop Member

Restricted (Market)

Founder of EpikTop Member

Restricted (Market)

Founder of EpikTop Member

Investor & CreatorTop Member

Founder of EpikTop Member

Domains88.comTop Member

Founder of EpikTop Member

Domains88.comTop Member

Founder of EpikTop Member

Domains88.comTop Member

Founder of EpikTop Member

domainer since 2001 / musicianTop Member

Top Member

Established Member

Founder of EpikTop Member

Top Member

Similar threads

We're social

Pinned

Appreciation

Agreement

Do you use WHOIS privacy and count on it to protect your privacy?
Sort by votes