Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
News

VeriSign DNS in Trouble 222

Posted by CmdrTaco
from the thats-so-terrible-for-them dept.
hesiod writes "Over at CNet News, there is an article reporting that VeriSign may lose their ability to sell domains. Evidently, ICANN is miffed because VS's WHOIS database has incorrect information. Not exactly news to most of us, but they have been given 15 days to fix the errors, or risk losing the ability to sell domains."
This discussion has been archived. No new comments can be posted.

VeriSign DNS in Trouble

Comments Filter:
  • I wonder if this includes their right to sell SSL certificates too... it's probably an entirely different matter, but still... if they can't handle domains, why should they be able to handle SSL certificates?
    • The DNS operations are a completely different thing from the issuing of SSl certifications. So, there is no fear in that going away.
    • AFAIK, the "authority" behind a Verisign SSL certificates is... Verisign itself. So the question raised is not whether Verisign can continue to sign certificates, but whether anybody should trust Verisign's assurance that company X is legit.
    • by autopr0n (534291)
      How could ICANN stop them from selling SSL certificates?

      It'll be intresting to see if VeriSign can actualy fix this in the time alloted, given their amazingly shitty technical skills.
    • I love the lying with statistics in this statement: "Out of 10.3 million records, they pulled out 17 of these that have inaccurate data on it," "That doesn't diminish the fact that VeriSign sees this as an important issue, but 17 names out of 10.3 million would hardly be considered a pattern."

      Uh-huh, and how many did ICANN check to get those 17? Is that 17 out of 10.3M or 17 out of 32? Verisign obviously thinks everyone is dumber than they are.

  • by Anonymous Coward
    1. Mess with WHOIS database
    2. ?
    3. Profit
  • ICANN angry at Verisign. Who's gonna get all pissy next? Satan?
  • Pay for my P.O. Box and I'll update my contact information. I'm not giving people my home address.
    • "Pay for my P.O. Box and I'll update my contact information. I'm not giving people my home address."

      Why did you say this? Where does it say that a P.O. Box is problematic?

      A.
      • Re:Screw ICANN (Score:4, Insightful)

        by (startx) (37027) <slashdot AT unspunproductions DOT com> on Wednesday September 04, 2002 @05:51PM (#4197382) Journal
        he's saying the only way he'll put in accurate info is if that info is a P.O. Box, which costs money. He doesn't want to list his home address for obvious reasons.
        • "he's saying the only way he'll put in accurate info is if that info is a P.O. Box, which costs money. He doesn't want to list his home address for obvious reasons."

          Thank you, I didn't twig to that. On the other hand, I must point out that if the poster doesn't already *have* a P.O. Box (or the equivalent) that game has already been lost.

          A.

          Who has had a P.O. Box all of his adult life.
          • On the other hand, I must point out that if the poster doesn't already *have* a P.O. Box (or the equivalent) that game has already been lost.

            What game is that? Yes, it's possible to track down my address from my domain name, but it's sufficiently difficult to stop most people.

            • "What game is that?"

              Well, the previous poster claimed 'obvious reasons'. I interpreted that to mean 'wants to keep physical address more or less private'. You may or may not actually feel that way. I was also thinking more generally than just domain names. If you don't use a P.O. Box, your real address appears in far too many places to consider it private.

              A.

              -100 Offtopic
              • Well, the previous poster claimed 'obvious reasons'. I interpreted that to mean 'wants to keep physical address more or less private'.

                Well, mainly I just don't want someone getting pissed at something I write on my website or on slashdot showing up at my doorstep. Yes, it's still possible, so maybe I'm just being overly paranoid.

                If you don't use a P.O. Box, your real address appears in far too many places to consider it private.

                Perhaps. At the moment I just moved 4 days ago, so pretty much no one who doesn't know me personally has my real address. And if I could lie completely about my address, instead of putting an old address, it would be pretty much impossible to figure out which "Anthony DiPierro" I happen to be. The phone number is real, but it's an efax number, so unless you have a subpeona, you're not going to get my identity from it.

  • that ain't bad... give them a break...

    If the IRS was this accurate then taxes would be a lot less since all those slipping through the system would be caught...
    • It's a lot more than that. I've lost count of how many spammer domains I've tried to trace, only to be stopped cold by bogus registration info that, despite such being clearly prohibited by NetSol's terms of service, they never do anything about.

      I used to think ICANN wasn't good for anything more than demonstrating how political infighting and empire-building quickly take the place of serving the common interests (of the Internet's users). Now, though, I find myself actually amazed that they're doing something right.

      The proof will be in the next whois lookup I do...

  • My info is out of date, it's got an old address. Mysterious messages about updating account information have been left on my answering machine.

    I wondered who that was... Anyone else get called by them?

    • No, but I just registered a domain with godaddy.com last week, and got a post card from Versign today saying I can transfer domains to them for $15, and get a 1 year extension.

      Funny I've been considering transfering my 3 domains from Verisign to Go Daddy for half that. That postcard sold me, I will now.
      • No, but I just registered a domain with godaddy.com last week, and got a post card from Versign today saying I can transfer domains to them for $15, and get a 1 year extension.

        Funny I've been considering transfering my 3 domains from Verisign to Go Daddy for half that. That postcard sold me, I will now.


        Everyone using Verisign should take this opportunity to switch! The only reason anyone would use Verisign as their registrar anymore is laziness. We've all been bitching and moaning about how much Network Solutions sucked since before they even started charging for domains but we have a choice now. I would recommend GoDaddy as well. $8.95/year for a domain name and they have a decent web interface for administration. I can register a domain for 4 years for what Network Solutions was charging for 1 year! :-) Talk about rape.
  • Surprised? (Score:3, Funny)

    by VisualStim (130062) on Wednesday September 04, 2002 @04:22PM (#4197234) Homepage
    Ok, everyone who has a domain registered through VeriSign, please rasie you hand ... for shame ... you are all sentenced to 100 MetaModerations a day for a month. Now get to it!
    • Register.com for a couple, godaddy now that I managed to get my own DNS server running :P
    • Who here had their boss decide to register two domains before anyone else took them (not that they would want them) and decide instead of talking to the local DNS person, register them with Verisign and decide to use the halfpricehosting.com Verisign partner.

      What a pain in the ass to get them moved to us.
  • Will there be a more in depth search of the records? It seems to me that 17 records is not a lot for a major site. The address look perfectly legit - They happen to be some of the addresses I give for online forms :-)

    I think the real question now is does Verisign drop the domains that don't have legit info to satisfy this complaint. It is a good resource for tracking down abusers and other complaints. I have used it a number of times to track down contact info of providers of people who have attempted to crack my system...
  • PR Stooging (Score:3, Insightful)

    by alexmogil (442209) on Wednesday September 04, 2002 @04:23PM (#4197248) Homepage Journal
    "Out of 10.3 million records, they pulled out 17 of these that have inaccurate data on it," said VeriSign spokesman Brian O'Shaughnessy. "That doesn't diminish the fact that VeriSign sees this as an important issue, but 17 names out of 10.3 million would hardly be considered a pattern."

    I'm sorry, but my rebuttal is: "HAHAHAHAHAHAHAHAHAHAHAH!"

    Only Seventeen?! I'd wager 15% of the domains on there are pointed to the phone number 123-456-7890 at the address of 123 Main Street. I'd call that the beginning of a pattern. Buncha jerks.

    • "Out of 10.3 million records, they pulled out 17 of these that have inaccurate data on it,"

      Yeh, but it was probably the first 17.. and I believe the problem isn't people giving them incorrect information, but rather them failing to update peoples information on request.
    • If this was the case, why could have ICANN just piled on these massive amounts of cases? I'm sure it wouldn't be that hard to do the following commands:

      cat WHOIS-Database | grep -AB 10 "123-456-7890"
      cat WHOIS-Database | grep -AB 10 "123 Main Street"
      cat WHOIS-Database | grep -AB 10 "555-555-5555"
      cat WHOIS-Database | grep -AB 10 "-555-"
  • by wowbagger (69688) on Wednesday September 04, 2002 @04:26PM (#4197259) Homepage Journal
    True, bogus WHOIS data makes it very hard to track down spamm^H^H^H^H^Htroublemakers on the 'Net, but is this really Verisign's fault?

    If I register floobydust.com, and I fill in a contact email that becomes invalid three days after I go live, is that Verisign's fault? What should they do, spam everybody in their WHOIS and purge the bounces?

    I can think of lots of reasons to yank Verislime's ability to sell domains, but I'm not sure this is one of them.
    • On the other hand as customers we shouldn't have to repeatedly ask them to fix inaccuracies and be ignored until we threaten to switch all our domains to another registrar. I ditched VS over a year ago due to some sleezy crap they pulled with a couple of my personal domains when I tried to transfer. Unfortunately I still have to deal with them for customers that didn't know better when they registered either.
    • If I register floobydust.com, and I fill in a contact email that becomes invalid three days after I go live, is that Verisign's fault?
      You're forgetting that domain owners are also supposed to give physical addresses. Of course spammers (and shy people) give a bogus address. Apparently some registrars check that the address actually exists, but that's not really useful if they don't verify that the registree receives mail there. Doing that would add a couple bucks to the cost of registering a domain -- but does the world really need ten-buck registration services?

      Once, on some weird whim, I tracked down and contacted the person registered as owner of a spam domain. Turned out to be an elderly lady who didn't even own a computer! Obviously the real owner got her name and address out of a phone book. I reported this to the registrar, Verisign, and got back a form email about jerking domains not having any effect on spam. No comment on the fact that they had helped perpetrate a fraud!

    • No... they should not do that.

      But when they are contacted and informed that the contact information for a domain that THEY ISSUED is not valid, then they MUST do something about it.
      It is their JOB to maintain that information.
      ie: Try to contact the domain holder, decide if the registration was fake or not, then axe the domain.
    • I can think of lots of reasons to yank Verislime's ability to sell domains, but I'm not sure this is one of them.
      ...so? Are you complaining? Any reason to hurt NSI/Verisign is a good one in my book.
    • They went through a process of changing Versign domain holders over to their new, improved system of authentication. On paper (or in my head) it was supposed to have been a question of assingning usernames and passwords and transparently changing the auth method.

      What they actually DID do was rape the whole WHOIS database for lots of domains, changing zone contacts, technical contacts and in some cases administrative contacts to NO.VALID.EMAIL@blahblah, in many cases before or without EVER sending the stupid letters explaining what happened.

      It was a TOTAL FUCKAROUND to get it fixed when it happened, especially when you got no information about specific domains (usernames, passwords).

      I even had supervisors at Verisign tell me to make up my own letterhead and fax in changes for domains. They said all they looked for was info that looked vaguely professional. I eventually made a template in word that I faxed in when I pasted in new "logos" I ripped off from google.
    • > [data changes after validation], is that Verisign's fault?

      No, but if one registers with an address like "Yellow Brick Road, Kansas" (yorkstreethardware.com), or "000 Blank St., No city, XX 00000" (dundjerski.com), or a phone number like 650-555-1212 (sunnyside.com) or 000-000-0000 (jaxx.net), one could argue that the domain should have never been issued.
    • If I register floobydust.com, and I fill in a contact email that becomes invalid three days after I go live, is that Verisign's fault?

      Right, except that according to the article:

      One customer who registered a domain name using the fictitious name of "Toto" with the fake address of "Yellow Brick Road" in "Oz, Kansas." [...]

      ICANN said VeriSign's violations include ignoring repeated requests to correct customer information for Dundjerski.com, in which the administrative contact was, "OOO Blank St., No City, XX 0000" with a phone number of "123-123-1234."

      which is a little bit more obvious than an email address change.
    • Actually, yes it is. The information contained about the domain contained in the WHOIS database is very important and the registrar should make sure that the information is valid.

      Here's what I think that should be done to make sure that the information is correct... Build in a clause to the registration agreement that the registrar will verify the information periodically and if any of it changes, the registrant is required to supply the changed. Then, the registrar verifies the information by sending an email to the contact addresses that must be replied to within a certain timeframe. If the email bounces or there is no reply, the domain gets suspended (out of the DNS database until the problem is rectified). Start off with checking the address frequently and then less frequently as the address seems to become more perminant.
  • by molo (94384)
    One of the records in question is that for dundjerski.com, in which there is false information for the Administrative Contact:

    Dundjerski, Marina (MDE220)
    Marina Dundjerski
    000 Blank St.
    No city, XX 00000
    US
    123-123-1234

    However, on the same record, the "Registrant" field lists an address for the same name as above. If this is the worst that they can come up with, I hardly consider this a big deal.

    -molo
  • How convenient (Score:4, Informative)

    by gmhowell (26755) <gmhowell@gmail.com> on Wednesday September 04, 2002 @05:25PM (#4197268) Homepage Journal
    Verisign has given me about 15 days to renew my registration of domain.

    Not gonna happen.

    Hello gandi.net

  • # whois Dundjerski.com

    Whois Server Version 1.3

    [...]

    Administrative Contact:
    Dundjerski, Marina (MDE220) marina10@EARTHLINK.NET
    Marina Dundjerski
    000 Blank St.
    No city, XX 00000
    US
    123-123-1234

    # date ; whois Dundjerski.com | grep updated
    Wed Sep 4 18:12:24 EDT 2002
    Database last updated on 4-Sep-2002 18:12:24 EDT.
    # date ; whois Dundjerski.com | grep updated
    Wed Sep 4 18:12:25 EDT 2002
    Database last updated on 4-Sep-2002 18:12:25 EDT.
    # date ; whois Dundjerski.com | grep updated
    Wed Sep 4 18:12:26 EDT 2002
    Database last updated on 4-Sep-2002 18:12:27 EDT.
  • i'm forgetting again (Score:5, Informative)

    by gsfprez (27403) on Wednesday September 04, 2002 @05:38PM (#4197309)
    what law is it breaking to have incorrect data?

    in fact, i have incorrect data because i and my wife were being stalked - and the WHOIS database is where he thought i lived. He went looking for us at the old address.

    and what's the worst part of all - to have ANY level of security from a whois search that could give sickos and perverts your address is by getting a P.O. Box.. from the USPS!

    Imagine, the key to internet privacy is the Postal Service. Now that's just great.
    • There is talk of a law that makes it illegal to have false whois data. This is to handle people trying to make money buying domains and selling them to trademark owners.

      Currently you are contractually obligated to provide correct whois information by the terms of service that propagated from ICANN.


      SPAMMERS usually use false domain information to hide. Maybe the spammers don't want us breaking into their houses to watch TV and use their computers? Why not, their houses are connected to public roads, so we can use them. Right???

    • what law is it breaking to have incorrect data?

      None yet, but if ICANN gets their way they'll buy this law [loc.gov].

    • by jdreed1024 (443938) on Wednesday September 04, 2002 @06:07PM (#4197460)
      what law is it breaking to have incorrect data?

      There is no such law. But what's your point? If Ashcroft or someone from the justice dept were pursuing them, and there was no law, then you'd have a point.

      They did, however, sign a contact with ICANN, in which they agreed to have up to date data. They chose to take a big shit on that contract. That's why ICANN is pissed.

      Personally, I'd love to see Verisign out of business. Someone stole my identity two years ago and bought $1000 worth of services from Verisign. Verisign took a YEAR to remove the domains, claiming they needed to verify with the registrant before they could be cancelled. (Thieves have more rights than I do, apparently). They still refuse to remove the bogus whois information that the thief supplied using my correct name and address, but a fake phone number and e-mail. They claim I can't remove it, because I told them I didn't enter it in the first place. They also don't answer the phone anywhere but the sales department.

      They're a bunch of lying, thieving, ignorant wankers, who deserve to have the book thrown at them. Not that it'll happen, since ICANN will probably give up at the last minute (c.f. United States v. Microsoft).

    • what law is it breaking to have incorrect data?

      Breach of Contract.

      When a registrar signs up with ICANN, they sign a binding contract. Whether or not you agree with the contract, it is a binding contract. Below is an excerpt:

      3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

      source [icann.org]
    • by mindstrm (20013)
      It's not breaking a law. It's breaking a contract.

      The agreement that ALLOWS Verisign to be a registrar requires that they provide accurate information in the whois database for all contacts.
      They are required to verify said information upon registration, and to correct errors promptly when they are found.

      In other words, you cannot 'anonymously' register a domain.

      Privacy? If you want privacy, don't go to the trouble of having your own domain, that's pretty simple. That's like saying you want to get a business license and open a shop in your town, but you don't want anyone to know where you live or who you are.. well guess what, your business license and said filings are a matter of public record, and anyone can go see them.

      This is not dissimilar.

    • I fully agree, there's no reason to have valid contact data for your domains, as long as you pay your bill. There are numerous reasons why a person would not want to be listed, and those should be honored.

      All my domains are registered with false contact information, with the exception of the email addresses, which are tagged, but valid. Can anybody tell me why this is a problem?

      None of my phones are listed in a phone book, why should my whois data be forced to be any less private?



    • in fact, i have incorrect data because i and my wife were being stalked - and the WHOIS database is where he thought i lived. He went looking for us at the old address.



      One problem with this is that when have you bogus contact information, it makes it look like you may have something to hide, seeing as how spammers employ similar tactics with their domain registration.

      My suggestion would be to get a Mailboxes, Etc. [mbe.com] dropbox and list that in your domain contact. That way, people who need to legitimately reach you via postal mail can, while stalkers will not find you.
  • by leto (8058) on Wednesday September 04, 2002 @05:38PM (#4197310) Homepage
    It is about
    - Getting rid of Verisign in the .org deal
    - Getting rid of Verisign before they get the 3
    year on .net and 5 year on .com names
    - Getting rid of a company that is going bankrupt
    and is highly fraudulent (snapnames, bogus
    invoices etc)
    - ICANN itself getting out of the spotlight for
    firing its At Large Directors
    • please don't confuse Verisign the REGISTRY (holder of .net and .com) with Verisign the REGISTRAR (the people responsible for the inaccurate registrations).
      Revoking Verisign's registrar business would be ironic indeed - it would get them out of the dual role that they had promised to give up, but gave up .org in order to be allowed to continue doing when the contract was renegotiated.
  • by stompro (24721) on Wednesday September 04, 2002 @05:42PM (#4197334) Homepage
    I have just finished a month long battle with VeriSign to get access to a domain. I would fax them an authorization letter, they would email me back saying I missed the coma on the 21st page after the statment of intent blah blah. I finally got everything to their liking but they didn't respond for a couple more weeks. So I headed over to domainmonger and did a transfer, and was up and running in a day and a half.
    I can kind of understand why a larger company would like to know that someone has to jump through major hoops before someone can hijack their domain, but for me all there security was a major pain in the ass. Plus, the last time I checked, they were using some ibm ssl software that doesn't let you use mozilla to manage your account. I am going to plug domainmonger here, I have no affiliation with them, I am just a happy customer.
    domainmonger.com [domainmonger.com]
    I have had such good luck with domainmonger, they are not a large operation, but I have never had trouble getting ahold of someone if I have had a problem.

    ....
    posting makes you feel goooooodd.
    • changing registrars (Score:3, Interesting)

      by phriedom (561200)
      I had the same problem getting VeriSign to change a domain host, they ignored faxes, etc. I finally got it moved, but was tired of the BS from VS. So I tried to move to a new registrar, GoDaddy to be exact, and got a "the current registrar has denied your transfer request." GoDaddy says there is nothing they can do about it and that I must take up the issue with VeriSign. I am of course seething mad. I am paid up. I am in compliance with their entire Service Agreement. The link in the Service Agreement that refers to changing registrars leads to a Procedure for changing restrants, not registrars. VeriSign ignored my first Help request. I just tried again and got the form email that says they will get back to me in 24hours. I'm hoping I don't have to send a certified letter to their legal department. Anyone have any advice out there?
    • I am in the middle of a long battle with them over changing the domain access. My daughter's site host went belly up, and Verisign's autoresponder never responds. We go to the site, log in, put in the changes, get a message at the correct email, respond to it as requested, and it vanishes into a black hole.

      Finally, yesterday I called them on the phone and in about 45 minutes of hassling with a live human (no wonder they are hurting), still got no satisfaction. She told me the system was changing and they could not change the domain in any way except through the autoresponder, and had no idea why it didn't work. She did manage to get it to generate a couple of "unauthorized" person trying to change your domain messages (she works for them, but she is unauthorized)! She later told me should would fix the problem (which she had earlier told me was unfixable) but it would take a few days to show up in the database! This is modern technology?
      Now the whois record shows yesterday as the last date changed, but it still has the same wrong information in it!

      This incompetent company deserves to have their domain privileges removed. Their whois database should be given to someone who can make it work!
  • by nutznboltz (473437) on Wednesday September 04, 2002 @05:47PM (#4197361) Homepage Journal
  • I'm sure ICANN can't be too happy with VS for its somewhat shady business practices recently. Is this just them using a techinicality to nibble at them (akin to tax law suits lodged against bootleggers)?
  • by uncoveror (570620) <webmaster@uncover o r . c om> on Wednesday September 04, 2002 @05:49PM (#4197377) Homepage
    ICANN should not threaten to take Verisign's licence to sell domains, they should just do it. The scam they ran trying to get customers of other registrars to switch to them with bogus renewal notices should be all the impetus ICANN needs. I recieved those bogus notices for uncoveror.com, and dontbuycds.org, but godaddy.com had already warned me they were bogus.
  • by stox (131684) on Wednesday September 04, 2002 @05:52PM (#4197389) Homepage
    Oh, this is priceless:

    11. nsi-direct.com: On 13 June 2002, we sent you an e-mail asking VeriSign Registrar to correct inaccurate Whois data in the record for nsi-direct.com. The administrative contact e-mail address for that registration is still listed as "no.valid.email@WORLDNIC.NET". We sent a test message to that address last week - it bounced back with an indication that the address was not valid. Over two months after the initial report, the invalid data is still being reported in VeriSign's Whois service.


    Wasn't this this the "spam" arm of NSI?
  • Missing the point (Score:2, Insightful)

    by FreshMeat-BWG (541411)
    The problem isn't that Verisign has incorrect data. The problem is that they "agreed to take reasonable steps to investigate and correct its Whois data in response to any reported inaccuracy" and have not done so. It is that they KNOW they have incorrect data and haven't corrected it.
  • They have a point (Score:4, Insightful)

    by Kiwi (5214) on Wednesday September 04, 2002 @05:56PM (#4197407) Homepage Journal
    I think the point ICANN is making here is not that Verisign has to make each and every single WHOIS contact info accurate. The point is that Verisign does not even care that their WHOIS contact informaiton is bogus more often than not.

    People would complain to Network Solutions about spammers having obviously bogus WHOIS information (such as phone numbers of --- --- ----), and their reply was that "WHOIS information is ot guaranteed to be accurate".

    I think the response is that, if a given set of WHOIS contact information is bogus, and people complain about the bogus information, Verisign should pull the domain in question until they update the information to have legitimate contact info.

    A spam-friendly domain without real WHOIS contact information should be pulled until the information is updated. People should be held more accountable for what they put up on the internet; non-bogus WHOIS contact info is a start.

    - Sam (Pot. Kettle. Black. I've moved since signing up for my [samiam.org] domains [maradns.org], and have not updated the WHOIS contact info)

  • My company had about eight domains registered through Verisign and were subjected to a few of Verisigns fraudulent business practices as well as their hideous, hideous service.
    If they get punished for ANYTHING that will give me a little satisfaction. It's kind of a rarity for companies to be held responsible for being arrogant f-ups. Let's hope this gets carried through and they get the spanking they deserve.
  • First of all, I'd be willing to bet the numbers are rather high for fake addresses, across a good number of domain registrars besides VeriSign. There have to be some people out there creative enough to make up addresses that sound plausible... but just don't happen to belong to the person registering the data. (As opposed to 123 Main St, (123) 456-7890.)

    I realize that keeping data on who domains belong to is somewhat important, but I don't see why this data has to be made available to the general public. Yes, it lets people trace the supposed owner of a domain... which can mean nothing, if the owner and the person maintaining the website aren't the same. It can also give people an avenue to harass you, especially if you happen to host any content that's in any way controversial.

    Once, owning a domain was something businesses did. The average person had an email like jdoe@isp.net, and a web address that probably looked like http://www.isp.net/~jdoe. There are still plenty of those out there. There are also those of us who aren't content with the tiny amount of capability our ISP accounts come with, and so pay for third-party hosting... and a domain.

    My domain holds a bunch of stuff. A forum for a hobby of mine. My public journal. Some links. Nothing out of the ordinary. I don't see why it's in any way important for other people to have easy access to my address and phone number. If the police need it, let them get it from my registrar.

    I don't think there should be a blanket assumption that domains are going to belong to businesses who don't have anything to lose from their contact info being public.
    • In many countries, any publication must carry a contact address for the owner. This is done for a reason because amongst other things, if you want to say things about somebody that are untrue, they can take action against you (note this is civil rather than criminal so the police are not involved).

      If you have a web page that does not demand a password, then it is publication. You are the publisher not the ISP. If it is 'just private stuff' then sorry, your contact details must be registered. I would however grant you as a private citizen operating a non-commercial site the ability to hide your telephone number but not your name and address.

  • by fireboy1919 (257783) <rustyp.freeshell@org> on Wednesday September 04, 2002 @06:14PM (#4197491) Homepage Journal
    Do you expect a company to keep track of the mailing addresses and names - the very IDENTITY of its clients?

    I mean, are there even companies whose business is to guarantee that someone is who they say they are and that they provide accurate information?

    The very idea is ludicrious!

    Seriously though...why not have government controlled digital signatures? They could use the passport system (not Microsoft's...the kind you get before you go to another country) as a starting point. It seems like one of the rare chances for beneficial government interference. Sure, we'd lose a particular private sector, but it'd give lots of people the same warm, fuzzy feeling that the FDIC does.

    They've already got one # to represent each person anyway.

    Really looking for (negative) responses here; I can't see anything bad about this (and I'm usually against government intervention).
  • I wonder if they are established enough in the net community to fork DNS and start up their own DNS architecture.
  • 17 records out of 10 million? This is ICANN "making hay" to look like they're sticking up for the little guy and a blatant public relations move after they went ahead and pushed through WLS despite an overwhelming vote against it [kuro5hin.org] by pretty much everyone ...except for the gTLDs (ie, .COM and .NET, which, amazingly enough, Verisign controls.).

    ICANN is so in bed with Verisign it's not even funny. This is a nudge-nudge wink-wink arrangement between them so ICANN can look like they're doing their job and Verisign takes a black eye that nobody will remember in a year so that WLS happens.

    Do not be fooled.
  • Wasn't there a case recently where an arbitrator based his decision in part on bad whois info for the domain (I believe it was a .biz so it didn't involve verisign). But this is an important reason why the whois must be accurate.
  • I'm shocked -- shocked to learn that Verisign is permitting bogus data.

    (I'd be more shocked if I were to learn that someone there knew the difference between good data and bad)

  • looks like they totally fucked up the site!
  • I just got a domain back NSI had been holding for 3 years. ITS MINE NOW! MINE!
  • by stonewolf (234392) on Wednesday September 04, 2002 @09:50PM (#4198324) Homepage
    VeriSign made a data entry error and listed my nic handle, something like, SW123 as the technical contact for a porn site. The nic handle of the real technical contact for the site was something like SW1234. They just dropped the last digit. I found out about the problem when angry customers of the porn site started contacting me. A couple threatened to sue me. I contacted VeriSign and asked them to correct the error. They refused. I explained the problem, they couldn't care less. I contacted the actual web site owner, in Australia, I live in the US, he never responded.

    I found that I was on many porn dealer mailing lists. I contacted VeriSign. I started getting promotional offers for disks of barn yard porn. Both VeriSign and the owner of the site refused to reply to my emails. When I called VeriSign they told me to stop bothering them. They refused to take any action.

    Eventually the owner tried to change the DNS server for the site, as technical contact I blocked it. They tried again, I blocked it. They tried to change the technical contact. I let them!

    I was listed as technical contact for that site for more than 4 years. VeriSign refused to do anything. I was never able to contact the actual owners of the site. I contacted VeriSign by email and by phone repeatedly. They refused to do anything.

    My name and my home address are still listed in directories of porn site operators.

    I would like to see the President of VeriSign draw and quartered. I hate those guys. Putting them out of business is the least that should be done to them. They are sick sick sick bastards.

    Stonewolf
  • www.easydns.com

    No bullshit, great service.
  • About as likely to happen as uunet kicking Ziff-Davis off for violation of their anti-spam policy when they kept sending me all the comdex crap a few years ago and I complained.

    Big money/companies like this get a whole other set of rules to play by. Probably a PR step to make ICANN look like heroes.
  • Click here [internic.net] to report bad domain info in .com, .net, or .org. This is ICANN's form, and there is a tracking system, so you can watch nothing happen in real time.

    I've been reporting some big-name spamvertized sites that hide behind phony domain registrations, and I encourage others to do so.

  • I have tried for months (and months) to get the host record for nexuscomputing.com removed. I have completed all the forms, called them (been told it will be removed immediatly, that it had been given a top priority), etc. Needless to say, the host record still points to the wrong damn IP address.

    I also recently transferred my wife's busybride.com [busybride.com] domain away from them, using joker.com and Verisign is now telling me that it is up for renewal. But if you check the whois information it is obviously registered with joker.com!

    (No, I didn't register it with Verisign, the previous owner did and after buying it I also discovered Verisign's other scam, holding domains hostage after a sale and refusing to transfer them for 60 days).

    Feh! A pox on their house.

Real Users find the one combination of bizarre input values that shuts down the system for days.

Working...