services Whois is going to be replaced by RDAP relatively soon

[News]

Both companies have this week started piloting implementations of RDAP, the Registration Data Access Protocol, which is expected to usurp the decades-old Whois protocol before long.

The two new pilots only currently cover Verisign’s .com and .net registries and Afilias’ .info.

RDAP helps standardize access control, meaning certain data fields might be restricted to certain classes of user. Cops and IP enforcers could get access to more Whois data than the average blogger or domainer, in other words...

Read More

 

[offthehandle]

Another opinion piece.

http://www.circleid.com/posts/20171208_whois_how_could_i_have_been_so_blind/

 

[Kate]

FWIW we never get spam when we register domains in some European extensions like .se or .be, because spammers cannot mine the whois DB at will. If you want to obtain registrant details you need to go to the registry website and you'll have to fill out a captcha, so it's not something that can be automated. The French registry automatically does whois privacy for individuals, but they still have the data if someone needs it for a good reason ie legal.
So we could easily make like more difficult for the spammers and the stalkers, it is just a question of will.
Besides, domain names are assets too, I think what you own is nobody's business, not even the government's unless it's taxable. I don't see why your wealth (or bad taste ) should be laid bare before the whole world unless you decide to...

 

[mr-x]

...they eagerly import bad practices from the US

EU or your own country didn't need examples from the US on how to violate someones privacy.

 

[Jasonn]

FWIW we never get spam when we register domains in some European extensions like .se or .be, because spammers cannot mine the whois DB at will. If you want to obtain registrant details you need to go to the registry website and you'll have to fill out a captcha, so it's not something that can be automated. .

that is reasonable but making it so the average person can not have any access to whois records is not, which seems to be the case with RDAP.

 

[offthehandle]

FWIW we never get spam when we register domains in some European extensions like .se or .be, because spammers cannot mine the whois DB at will. If you want to obtain registrant details you need to go to the registry website and you'll have to fill out a captcha, so it's not something that can be automated. The French registry automatically does whois privacy for individuals, but they still have the data if someone needs it for a good reason ie legal.
So we could easily make like more difficult for the spammers and the stalkers, it is just a question of will.
Besides, domain names are assets too, I think what you own is nobody's business, not even the government's unless it's taxable. I don't see why your wealth (or bad taste ) should be laid bare before the whole world unless you decide to...

I just received this past couple of weeks unsolicited offers from spammers selling all the whois database. You never receive such ridiculous offers? This sort of regulation and change will then move the spammers to profit even further from databases, I would imagine there will be unscrupulous people reselling RDAP data too, you simply can’t regulate these things. Scaping all the whois data is obviously should be controlled and is ridiculous, so the Captcha feature you mention is also used by various registries like GD on all queries.

Not sure about Europe, but in the states, assets such as your taxes based on home value are public information. Car ownership too, outstanding loans and credit reports too. LexisNexus allows you to look up entire lists of assets for specific people in their personal names. It used to be $30 a day to use, Attorneys use it all the time for asset location, attaching and liening properties, discovery motions, etc. The point is, anybody with basic skills and for a price can search all those assets.

I recall in the late 90’s german sellers on ebay had some of their information masked out, per a privacy law there. Not sure where that stands today.

 

[equity78]

This could all be solved easily, when you register a domain name you have to opt in to making results public. Domain owners who wants offers would probably opt in, then everyone else could be private and if someone breaks a law then they know the registrar will work with the authorities.

 

[Kate]

I just received this past couple of weeks unsolicited offers from spammers selling all the whois database. You never receive such ridiculous offers? This sort of regulation and change will then move the spammers to profit even further from databases, I would imagine there will be unscrupulous people reselling RDAP data too, you simply can’t regulate these things.

You've raised an important point: the economics of spam. Spam is so massive because it costs very little and the data is readily available, waiting to be abused. Whois is nothing more than unnecessary exposure to scammers, spammers, stalkers and predators. Like other Internet protocols, it was designed in the 80s when the Internet was a much quieter place.
If law enforcement needs registrant data, then they should go to the registry or the registrar.
Fact is, whois is more often abused then used for good purpose these days.

If the data becomes more expensive to acquire, or scarcer, then this should make the business of spamming less profitable or raise the barrier to entry. Although spam is a nuisance, it's not the only thing I had in mind. I just think privacy should be the default and not a privilege.

 

[offthehandle]

Fact is, whois is more often abused then used for good purpose these days.

Sad but true. I still believe the barrier to entry won’t change the volume after thinking about that a moment, what will happen is like the illegal shared use of online sites. Where expensive subscription sites one person cannot afford, they team up to have multiple people trading passwords. Spam will just change, Raymonds solution to opt out by default instead of the opposite makes sense and a very simple solution that would work.

But as with all things someone or some large self serving organization will find a way to make it complex for their own agenda or job security, lol. Microsoft built their OS empire of unnecessary complexity in design to employ thousands of extra people. Direct and indirect. Look at the whole SEO thing and Google. Extends to failed Gov programs and tons of law enforcement on like the war on drugs. Make things scarce, complex, difficult and employ legions and create empires.