Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
News

Congressional Hearings on WHOIS 120

hamhocks writes "Tech Law Journal sent out an update on Congressional Hearings regarding the future of the WHOIS database. The update includes links to statements made by both Representatives and witnesses at the hearing. Some quotable quotes are below."
  • 'It seems eminently clear to me that websites conducting e-commerce have little "right to privacy". . .[however] isn't political speech worth protecting by redacting the personally identifiable contact information for the website owner?' -- Rep. Howard Berman (D-CA)

  • 'Given that the compilers of marketing lists have for years used Whois registration information as a source of personal information (in some cases scavenged free, in others bought from registrars), concerns over the data privacy are well justified. Most people avoid putting their home address on their web sites, and they should be able to register a domain name without effectively giving up this precaution. The public policy objective of privacy law is to preserve the individual's right to privacy, while still permitting societal participation.' -- Dr. Jason Catlett, President and CEO, Junkbusters Corp

  • 'As it stands today an accredited domain name registrar is not required to allow domain name registrants to opt-out of having their personal information provided to third parties for marketing purposes. This type of an opt-out should be provided to all registrants.' -- Lori Fena, Chairman of the Board, TrustE

  • 'In 2000, the IDSA used authority provided in the Digital Millennium Copyright Act (DMCA) to achieve approximately 3000 "takedowns" of infringing material on the Internet. Over the last year we also filed 10 civil lawsuits against Internet pirates as enforcement actions on behalf of our members, assisted in additional actions brought by member companies, and made a number of criminal referrals to law enforcement. This is in addition to thousands more takedowns and numerous lawsuits initiated individually by our member companies. These accomplishments are reflective of similar successes reported by the other copyright-based industries. DMCA self-help allows us to reduce to a fraction the losses we would suffer if limited only to court-imposed process and remedies. These efforts are made much less effective without the unrestricted access we currently have to WHOIS data, including contact information regarding domain name registrants.' -- Stevan D. Mitchell Vice President, Intellectual Property Policy Interactive Digital Software Association

  • 'In fact, if anything, the I[nternational]A[nti]C[ounterfeiting] C[oalition] believes that registrants should be required to improve their performance in insuring that domain name registrants provide correct and updated information. Because a person (legal or individual) voluntarily chooses to be present on the Internet, the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.' -- Timothy P. Trainer, President, International AntiCounterfeiting Coalition (IACC)

  • 'The breadth of these issues indicates that Congress should not act too quickly. We are dealing simultaneously with intellectual property rights, privacy rights, and free speech rights and cannot simply play a legislative game of [rock, scissors, paper] to figure which one should win in the end.' -- Rep. John Conyers, Jr. (D-MI)

Additional information:
http://www.house.gov/judiciary_democrats/internetp rivacyhrgstmt71201.pdf"

This discussion has been archived. No new comments can be posted.

Congressional Hearings on WHOIS

Comments Filter:
  • by Anonymous Coward
    Congressional webpages should be subject to a WhatSayYou? database check.
  • by Anonymous Coward
    Sure. So long as whois gives SOME indication where to START looking for someone (their ISP), and a working address or phone number that the owner can be reached at (whether they want to answer or not), I don't see what the problem with making things less specific would be.
  • by Anonymous Coward
    All house purchases are public, so when you buy a house, everyone knows who bought the house, how much you paid, and (by definition) your address. Thus, after you buy a house you are spammed with zillions of offers for everything you can imagine that is even trivially related to having bought a house.

    Annoying, but that's just life. If house purchases weren't public, it would be impossible to have credible estimates for fair values for houses. And without being able to establish fair market value, buying and selling houses would turn int a game of chicken. That's bad.

    Registering a domain is a lot like that -- you start getting spammed by people selling anything related to domains.

    In either case, I think that the benefits of having contact info for domains (or house values in your neighborhood) outweighs the loss of privacy.
  • by Anonymous Coward
    Actually, that's:

    "When you pirate MP3s,
    you're downloading
    COMMUNISM!"

    As seen in the poster [modernhumorist.com].
    I just wish I could still find some good Communisms of movie soundtracks nowadays...

    Sincerely,
    The Quote Nazi

  • by Anonymous Coward
    One thing that would alleviate privacy concerns would be an anti-spam law with teeth in it. I'm certain that it least some of those who don't want their E-mail address to be published are not concerned about one-on-one messages but rather XXX teen age slut golf-ball toner will make you a millionaire in 30 days advertisements.
  • Do you have any domains registered? I get at least one email a month telling me to move my domain or my hosting else where (no thinks on both counts). I also know I got some snail junk mail based off whois...
    Yes, I have domains registered. I get a lot of spam from the address listed in WHOIS, and I occasionally get junk mail and phone calls from it too. And yet, somehow, I find the strength to go on.

    I can appreciate arguments based on the importance of anonymity, though I don't feel that WHOIS is any great threat to anonymity of speach -- you can't anonymously own land, either, and it doesn't harm dissidents considerably.

    But arguments based on the inconvenience of hitting delete do not impress me.

  • Why do people care so much if they're listed? I've had my address and phone number public in various places on the net for years, just because. I've gotten one phone call from someone I didn't know over that whole time (and they were nice), and no one's shown up to vandalize my home or anything. Is this so strange?

    If you think your privacy is so important, you need to get over yourself. No one gives a damn about you, personally; unless they know you, in which case what does the privacy serve?

    Maybe other people just attract more attention than I do, or seem more enjoyable to victimize, or something of that sort. Or maybe people just watch too many news specials on the TV, and haven't learned that most of the world isn't out to get you. And if you have a problem with a specific person, deal with that person -- hiding from the entire world is not really justified unless you went state's evidence or are hiding from the law.

    And this isn't a big privacy concern -- it's not like WHOIS has records of sexual activity or brain scans. It's just a freaking address.

  • So that other admins have no way to determine who's in charge of the machine/domain in question, and if they're having a problem with it/them, they have no way to contact the admins. Lovely.

    I'm sure we have some problem with electronic stalking, but hiding the information from everybody, even those with valid reasons for accessing it, just because of a few idiots, isn't going to help.
    _____

    Sam: "That was needlessly cryptic."
    Max: "I'd be peeing my pants if I wore any!"
  • I think this depends a lot on the area (both the city and actual neighbourhood you live in). My parents are listed in the phone book, and get marketing calls all the time, at the most inopportune times. I'm paying (it'a a crime that you should pay to protect your privacy!) to have my number unlisted, since anyone who knows me already has my home and/or cell numbers. I've received exactly 2 marketing calls in the least year+. If you know my name you can look me up on the Internet, and send email or icq.

    The whois database IS a big deal, registries require a real real address, a real email address. Do you have any domains registered? I get at least one email a month telling me to move my domain or my hosting else where (no thinks on both counts). I also know I got some snail junk mail based off whois, because at one point I was listed as a Person contact with the name Bob Registrar, and guess what the name on the label was. Like one of the quotes said, you don't put your address on your web site, and it shouldn't be available via whois either.

    OT: BTW, with the recent phone bill increases (in Calgary, Canada) and paying to have my number unlisted, my cell phone now officially costs me less than my land line. That's just dandy. Another advantage cell phones have over land lines, telemarketers aren't allowed to call them, and there isn't a public directory.

    --

  • No!

    We cannot. Given accountibility or privacy, as a dichotomy, I pick accountablility. Privacy is managed by not giving out your fucking personal info.


    "We have the right to believe at our own risk any hypothesis that is live enough to tempt our will."
  • When I read your post, the post you referred to was scored at 5 - by the time someone else reads this post, the original post might be back to 1 for all I know - the whole point of the moderation system is that the scores change (hopefully eventually settling down to an average perception of them but in theory they could wander round for ages before that happens).

    If you'd bothered to re-load the page before posting your pointless comment, then the original post might have already found its way to a score of 3 or 4 considering the speed slashdot moves at.

    And yes, this is a pointless reply to a pointless reply to a useful post... but it was that or do some work :)

    Regards,
    Denny

    --

  • Kinda how giving everyone a gun stops crime, eh?

    And, using the same logic, taking everyone's guns away reduces crime... but that's an entirely different flamew... uh, I mean, discussion! :o)

    Replying to different posts in this discussion, here're my thoughts:

    • Given the choice amongst IP rights, free speech rights, and privacy rights, guess which one our Congress critters will pick? The one that pays them the most
    • You can't keep your information private and expect to have accountability. Technically, you should be able to, but those who we're to trust with our info are irresponsible
    • The option to withhold whois contact info from the public should be there. It should certainly not have the option of being falsified. The logistics of this will probably be sticky, if at all possible
    • For your folks who like to have whois info on-tap in order to report abuses, I'd say that it's proper netiquette to have certain email addresses (like postmaster@, abuse@, etc) for those purposes. In reality, it doesn't work that way
    • Some argue that this information is "public record." While that may be true, I certainly don't think this information should be usable by anyone for whatever reason they wish
    • Ending with a rather personal opinion, DMCA is nothing more than a gilded, unflushable turd. :o)


    --
  • by GeorgeH ( 5469 ) on Sunday July 15, 2001 @08:29PM (#83333) Homepage Journal
    Um, that's what they're thinking about changing...

    'In fact, if anything, the I[nternational]A[nti]C[ounterfeiting] C[oalition] believes that registrants should be required to improve their performance in insuring that domain name registrants provide correct and updated information. Because a person (legal or individual) voluntarily chooses to be present on the Internet, the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.' -- Timothy P. Trainer, President, International AntiCounterfeiting Coalition (IACC)
    --
  • Apple Pie isn't an American dish.

    --
  • It's spelled Rochambeau.

    This will be on the test.

  • Because a person (legal or individual) voluntarily chooses to be present on the Internet, the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.' -- Timothy P. Trainer, President, International AntiCounterfeiting Coalition (IACC)

    Last time I checked, you could choose to be UNLISTED and have LOTS of privacy protection.

    I wonder what he would think if we published his personal information for all to see? How much you want to bet he isn't listed?

  • For the record, I am listed; if you know my name, you can look me up. My main point was that it's ridiculous to say "you shouldn't expect more privacy than a home address", when in fact I can pay to have my home address unlisted in the commonly available public directories. Sounds like my home address has more opportunities for privacy than my domain registration.

    If you want to argue that it should be so (and I know there are good reasons for being able to contact the owners of a domain, though I would argue that what's more important is being able to contact owners who actually provide equipment and name services than those who own "vanity" domains), I have no quibble in general with such arguments. But don't try to claim that people who want to be able to opt out of domain resitration listing of their home addresses and phone numbers are asking for "more" privacy than homeowners.

  • well the trick is that in order to license something in a legally binding way, you need to prove that the licensee accepted the terms of the license before accepting the licensed material. So you've got a big fight ahead of you trying to prove that somebody who has your personal information obtained it either from a infringing source, or obtained it from you and also accepted your licensing terms. good luck.
  • Again, there are two different registries as you have sort of alluded to, but haven't quite said outloud. From the sysadmin point of view, ARIN is the important one, the domain name one isn't.

    I don't see the problem with the current ARIN database. You need at least a /22 (or something like that...can't remember offhand) to even apply PI-space... so it's a rather good assumption that only ISPs and other businesses and educational institutions will be listed in it.

    This needs to be kept public. An email address is not sufficient. Good luck trying to email a person telling them that their mailserver is down, or that their mailserver has gone nuts and is inadvertantly DOS'ing your mailserver. Maybe their BGP is farked up and you can't even get to their network... a lot of good an email address is going to do.

    For 99% of the slashdot people that are whining about their privacy on here, it's about the domain registry. Everyone who has their own domain name is in this one... not just big corporations. Being able to 'opt-out' of this one is a fantastic idea, let's just not confuse the two registries.

  • Hmm yah you're eaxctly right i didn't think about that when formulating my argument...

    But at the same time, your local Joe isn't going to have a /29, so we're still looking at businesses, just a lot smaller than i've orginally said.

    If you're a home customer (ie @home comes to mind, but i would be terrribly surprised if others don't do it as well), it's more than likely that if you have multiple IPs they're assigned as seperate /32's, rather than a larger aggregate block, just because of subnetting assignment issues (ie they'd be wasting 7/8 or 15/16 or whatever of their ips by saving it for people for subnets.)

  • > *Rwhois reassignment information
    > for this block is availible at:
    > *rwhois.exodus.net 4321

    I know what point you're trying to get across. however it's wrong. Look at the bottom, it has information for the exodus rwhoisd server. Just because exodus has chosen to use rwhoisd instead of SWIP'ing (the normal method for IP registration for IP suballocations).

    Take the time to do a whois query on the exodus rwhois server. It gives you exactly the same information that you would get if exodus had used SWIP instead. This is not because exodus does this out of the kindness of their hearts (well maybe it partially is), but it is a requirement of ARIN that you run an rwhois server if you do not want to use SWIP.

  • by figment ( 22844 ) on Sunday July 15, 2001 @07:48PM (#83342)
    >The only way we can have any sort of order is
    > to have responsibility. Having the ability to,
    > with one command, get a email addres, phone
    > number, and snail mail address of someone
    > responsible for every IP and domain on the
    > internet is invaluable.

    I was initially thinking the exact same thing you did... then i changed my mind. We don't need the contact info for every domain.. just every IP. Remember (for us machines at least), there's two different whois registries, the ARIN registries (important), and the general one for domain names (not important for anyone other than domain squatters).

    For hack attempts/openrelays/general troublemakers, we don't need the contact info from the general domain database... we get it from ARIN database.

    Imho, being able to be 'unlisted' from the domain registry database is just fine... because it doesn't really serve any particular purpose, hell half the time it's not even correct info. With ARIN's database, the information *has* to be correct, because ARIN *has* to be sending them a hugeass (multi thousands of dollars) bill every year.

  • by figment ( 22844 ) on Sunday July 15, 2001 @08:04PM (#83343)
    >What is ARIN
    ARIN is responsible for allocating IPs for people/businesses on a large scale (in north america). If you're a big corporation, or even a medium sized ISP, you apply to ARIN to get IP blocks. (The smallers just use the ipblocks of their upstream provider.)

    ARIN provides a database of every routeable IP that it has given out, so at any given time, i can, from a person's IP, look up his provider and instantly get their (as in their ISP's, necessarily the user's themselves) name/address/phone number. This is incredibly useful for spamcontrol and/or scriptkiddiecontrol.

    Contrast this with the domainname registry, which holds the registration information for like who owns 'foo.com'. As long as i'm not planning to buy foo.com (and my pocketbook says i'm not), i have no reason to need this information. If there is a problem originating in the foo.com domain, that's great, but i'm getting the contact info from the ARIN registry, because 1) it's probably more correct, and 2) reverse dns isn't necessarily authoritative, ie i could make my machine reverse lookup to foo.com, even though i don't own the foo.com itself. Granted my forward/reverse wouldn't match, but when was the last time you've seen an apache setup that required them to.

  • Personally I don't think that whois should be privatized to the point where I can't do a whois on a domain name and find out who it's registered to as long as I don't do it for commercial gain. I also don't believe that it is right to sell whois information as if it were a magazine subscriber list. There are legitimate reasons for an individual to need access to the contact information for domain names, whether it's a company or an individual who owns it the domain. I frequently (read many times a day) use whois to help identify details about domains advertised in spam for reporting purposes. I also frequently use it to report network abuse or attacks on my machines. Perhaps I'd like to purchase the domain ABC.net. The website seems to be abandoned so I elect to do a whois on the domain name to find some contact information for the owner so I can offer to purchase it. That's legit in my eyes. However companies like that damned register.com that address crawls the whois just to get my mailing address to spam me with "here's why we're better than your current provider" isn't legit in my eyes. Most whois providers have statements about not using their whois services for that purpose. It wouldn't stop them provider from selling my info though. I just got all of my domains away from NSI (thank God). It'll be interesting to see how much spam and butchered trees I get for my old contact address. I know damned good and well NSI shared my info. There was a very good post here a year or so back that talked about someone using NSI's online whois page to check up on a domain and then the next day finding it suddenly owned by NSI themselves. The person posting said to lookup a domain 5-10 times on NSI's website, better done from a couple different places. Pick an unused domain but make it one that looks legit. Wait a day or two and come back and your domain will probably be gone. I tried it with a domain that m2minvestment.com or something like that. Gone less that a full business day later and owned by a company that could eventually be traced back to NSI. Bastards. I straying off topic. I don't think whois should be privatized to the point where I can't find an address of someone accountable for a given domain. I do think that commercial use of whois should be strictly forbidden (or at least enforced which would be a major step up from what gets done now). If I get a spamertisement addressed to a person at my company that doesn't exist (but the mail room knows to deliver it to me, like an alias for said purposes) then I know my information has been snarfed. Anyhow, that's my $.02 worth of ramblings.

    --

  • "There was a very good post here a year or so back..."

    --

  • That 's bullshit. Recently there have been many intimidation schemes. How about that Lyons Group hardon for the parody Barney sites? Or the IDG "For Dummies" campaign? I got one from the MPAA, they just neglected to mention that the injunciton only dealt with the 2600 site, and not specifically mine. Or how about where the SDMI sharks jumped all over Felton and the others, only to back down when it looked like it would have an adverse effect on the DMCA?

    In the US, there is still a thing called the Bill of Rights, the Consititution and Due Process. It might not work everytime, but it works often enough to keep most of the tyrants at bay.

    When you drag youir sorry ass out of college, and into the real world, you might recognize it......It's pretty naive to think that those in postiions of power won't abuse it. Particularly when they don't understand the technology involved.

    Dave

  • "Privacy is managed by not giving out your fucking personal info."

    Which, due to the fact that registrars are not required to provide an opt-out, may not be possible. The analogy to a home or business is flawed (like most internet analogies) - if I have a home, I can locate it in a remote, obscure place, and put a big tall fence around it. That protects my privacy. There is no such thing on the net. Once you information is known, that is *all* one needs. Driving through every city in the world trying to match up names in a phonebook with addresses is a LOT more difficult than performing, or buying, a WHOIS query.
  • I don't see why congress can't just play rock, paper, scissors to win, our presidential ellection was ended in a rousing game of resign, recount, appeal.

    I'd love to play a nice game of Roshambo with Bill Clinton but I think Monnica beat me to it.
  • Disadvantages:

    Joe Mega-corp contacts IPSTAG holder. "Hey, make the www.joe-mega-corp-sucks.com website go away."
    IPSTAG holder: "No problem."
    IPSTAG holder kills DNS service for www.joe-mega-corp-sucks.com. Does not bother to make contact with webmaster for two reasons. 1) Does not know why Joe Mega-corp wants the site killed. 2) Too much effort to go to all that trouble of actually contacting them. It is easier to simply stop the DNS service and eventually the webmaster will figure out that no one can see them anymore.
    Think this does not happen? Sure it does. Interactive Digital Software Association brags of 3000 "takedowns". This is one organization. There are quite a few self-appointed-types doing "takedowns" for many different reasons. Got a political view? There is someone who disagrees with it. Maybe enough to get your website on a "takedown" list.
  • by Chasuk ( 62477 ) <chasuk@gmail.com> on Sunday July 15, 2001 @07:05PM (#83350)
    ...the identity and contact information of domain name registrants are entitled to no more privacy protection than are a business or home addresses in the physical world.

    First of all, are identity and contact information entitled to anything? I don't know about you, but my telephone number doesn't have any rights. I have the right to disclose or not to disclose information, but information itself has no rights. Second, assuming that Timothy P. Trainer was actually referring to the rights of registrants, and the responsibility of REGISTRARS to ENSURE that registrants provide accurate and current information, I now must ask whether he thinks that registrants somehow exist in the incorporeal world, and regular folks exist in the physical world? That's what his words imply.

    As a registrant, I want to assure him that I am just a normal guy who is distinguished only by having information in the WHOIS database. I assume that the same applies to most registrants.

    However, back to the question of privacy: I happen to largely agree with Timothy P. Trainer. Can the editor of the Washington Post keep his identity and contact information private? Did we allow Bill to keep his blowjob private? Do paparazzi allow celebrities to escape from their candid photos? Doesn't the public almost always relentlessly claim the right to know, regardless of how empty that knowledge frequently is?
  • Prove it. Post your real name, address, phone number, social security number, and mother's maiden name. After all, all information should be free.
  • 46% of all statistics are made up on the spot.
  • Well, I find that almost all hacking attempts come from compromised boxes. I like to report these compromised boxes to their admins. Sometimes, these attacks come from IPs with no reverse lookup record. The whois database helps me to find email addresses that I can send mail to. I think that policy should depend on the tld. .com, .net, and .edu, should all require telephone, email, mailing and fax address information... but .org, and .arpa should only require maybe email contact info... country TLDs can set their own policies.
  • .com et al were supposed to be for US companies. Hardly their fault people around the world started using them.

    I'm Canadian, and have several .com's, but I have no trouble with the US setting the rules. If they want to fuck with .ca (like ICANN trying to impose their domain conflict rules on all the ccTLD's), that's a different matter.
  • This actually happened once in Oregon. Someone went to the DMV, bought a CD-ROM containing the state license records for the entire state, and put them online with a "search" feature.

    No legal action was brought forth, but within two days the site was taken down because of public outcry. This was a few years back, and I can't find any links to any stories about it.

    SupremeOverlord

  • What he means is that people often have certain aspects of themselves which are made public (ever been in the paper for any sort of award, for example?). Supposing someone was interested in discussing one of those aspects, they could look up your name in the white pages and politely give you a ring, being curteous and appropriate, including calling only during times when they don't expect your business to be uninterruptible, such as in the afternoon, as long as its not around dinner time.

    My view on the whole WHOIS issue: sometimes it's useful to find who to contact when you need to talk to the administrator of a website. I'm afraid that if WHOIS is gone, stupid porn companies, with a renewed sense of anonymity, will being a fresh bombardment of inboxes with spam.

    (Yes, yes, I know, filters, but no filter is perfect unless you want to lock yourself into a completely limited group of associates.)
  • For those of you who took the time to read the tech law journal artical, you probably also saw the introduction of the location privacy bill from Sen. John Edwards. I find this equally interesting news for nerds given the typical slashdotter paranoia.

    Under the bill, "any company that monitors consumers' physical location will be prohibited from using or disclosing that information without express permission from the consumer. And third parties that gain access to the information cannot use or disclose it without the individual's permission first."
  • One database for domain names, and one for IP addresses.

    While I can understand privacy concerns associated with the domain name database (and concerns of comapanies that they reveal some pieces of their business plans because they have registered some domain name ;-), I think it's essential that the IP adress database has full accurate contact information (including phone numbers and email addresses). IP addresses are normally registered by providers, so there are fewer privacy issues involved (read: hardly any, basically it belongs to their job of providing a network connection for their clients).

    It would be a real pitty if both databases were treated the same way by some well-meaning politicians. The IP address WHOIS database is a valuable tool in tracking down net abuse, of course. Abolishing it or reducing the provided contact information could have a negative impact on the net as whole.
  • Disadvantages:


    You cannot pick up a phone and call a responsible person. You have no second avenue to contact a person, say, if someone was forging their domain name. If someone from your domain is spamming and blocking traffic, you cannot be easily contacted to do the right thing.

    Put it another way. I can go to City Hall and find out who owns every piece of property in the city. With the current system, I can find out who owns every piece of cyberspace. It seems eminently reasonable. It also lets you know which of your neighbors are respnsible citizens, and which ones spam, and which ones run porno sites. Ownership bears SOME responsibility. Making domain ownership anonymous reduces this responsibility, and I can see good and bad things that would result.
  • by cheezus ( 95036 ) on Sunday July 15, 2001 @06:27PM (#83360) Homepage
    "...cannot simply play a legislative game of [rock, scissors, paper] to figure which one should win..."

    Did the editors decide to replace the term "Rohambo" with the more commonly recognized [worldrps.com] term?

    Lets see, yes. First I kick the house majority leader in the nuts as hard as I can....

    ---

  • > I use the WHOIS database to find out who's responsible when I get spammed or when I detect a hacking attempt.

    Kind of ironic; spammers use the WHOIS database to find out who to spam! :-)
  • My god man. Pinging is the first step to launching an ICBM at your website! I hope you have a fallout shelter nearby!

    Send the SWAT team over to that evil pinger right now!


  • There's a difference between "can take" and "usually takes". I'm willing to bet that the majority of crystal meth users that the HPD feel the need to fire upon don't require more than a single buller to take down (although they may have more than a single bullet fired on them).
  • practically 100% crystal meth. The HPD (Honolulu Police Dept.) stated that it usually takes 15+ bullets to take down a guy high on that shit

    Hint: the HPD are lying. This used to be said about PCP as well. It's just the same old drug propganda on the toxin du jour.

  • by daevt ( 100407 )
    i wonder when they have scheduled the congressional herrings on the phone book...
  • by jalalski ( 100791 ) on Sunday July 15, 2001 @10:40PM (#83366) Homepage
    who finds it a little worrying that a U.S. congressional hearing is deciding matters that have global significance?

    I mean, I have no say in the matter, I didn't elect them. And yet they will decide on which of my personal details will be made available?

    jalalski,

  • I don't see the problem with the current ARIN database. You need at least a /22 (or something like that...can't remember offhand) to even apply PI-space... so it's a rather good assumption that only ISPs and other businesses and educational institutions will be listed in it.

    It is not necessarily a good assumption that only ISPs, businesses, and educational institutions will be listed in the ARIN database.

    Though it is true that minimum IP block size allocated by ARIN is a /20, an ISP must provide SWIP/RWHOIS information for any IP block that are at /29 or greater in size which it allocates to end users. This information is necessary as proof of utilization when applying for additional space from ARIN.

    The ARIN guidelines for requesting IPv4 address space can be found here http://www.arin.net/regserv/addipspace.html [arin.net]

  • Just one question that has bothered me about the pro-gun lobby.

    When the gun ownership argument is over and you've won, will you be as fervent in getting all those drink-driving laws repealed, as they impinge on your right to freely travel on the public highways?

    Unfortunately I'm not from the US, and do not pretend to be an expert on the constitution, but I do recall reading that the right to travel freely on public highways is enshrined in the constitution, either explicity or implicitly. If I am wrong here, please point that out.

    The point being that by not fighting these laws (no matter what their constitutional status) aren't you giving up liberty for safety? And are hence deserving of neither?

    Or do you in fact concede that there are some laws that are required for public safety, where _other_ people's lives are endangered (I don't care what you do that endangers your own life, but you carrying a gun has the potential of endangering mine in the same way that you driving home after 10 pints of beer has the potential of endangering mine), and that the only reason you want to play with guns is, well, because you want to play with guns.

    And even if the right to own a gun is one enshrined by the constitution (all that 'organised militia' banter doesn't really grab me that much as I'm not from the US, but I do notice a lot of debate on the subject) isn't one of the great things about the US Constitution the fact that it can be changed if it becomes out of date with the needs of the society it serves?

    K.
  • by keithmoore ( 106078 ) on Sunday July 15, 2001 @06:44PM (#83369) Homepage
    Given that the primary purpose of WHOIS is to publish site operational points-of-contact, to aid in tracking down problems, I find interesting that none of the witnesses were representatives of Internet service providers. Apparently the committee doesn't care about whether WHOIS can serve its intended purpose (before or after any legislation which Congress might enact) - they only care about whether WHOIS can be used for unintended purposes.
  • American Registry for Internet Numbers [arin.net]. They fill the same role as RIPE does in Europe, etc.
  • by jorbettis ( 113413 ) on Sunday July 15, 2001 @06:26PM (#83371) Homepage

    I use the WHOIS database to find out who's responsible when I get spammed or when I detect a hacking attempt. Fact is, having a bunch of anonymous thirteen year old kids running around DoSing people, or having assholes kill your mail server with a million "FREE HOT XXX" messages is bad enough. If they're able to do it with impunity, nevery having to worry about their ISP getting a phone call, it'll be out of control.

    We continue to discover that the trust based internet simply does not work. There are too many shitholes willing to take advantage of it. The only way we can have any sort of order is to have responsibility. Having the ability to, with one command, get a email addres, phone number, and snail mail address of someone responsible for every IP and domain on the internet is invaluable.

  • by sigwinch ( 115375 ) on Sunday July 15, 2001 @07:32PM (#83372) Homepage
    Translation: they like the fact that the DMCA and a public Whois allows them to take the law into their own hands...
    You are required to try taking the law into your own hands; courts are a last-resort measure to be used when negotiation has failed and government force is necessary. Courts look very, very unfavorably on people who refuse to make a reasonable effort to settle the matter outside court. Deliberately maintaining false information in WHOIS will prejudice the court against you (look up 'vexatious' in a law dictionary).

    Moreover, if you are found guilty of copyright infringement, deliberately false information in WHOIS will be considered as evidence of willful premeditation on your part. (Much like wearing a ski mask during a robbery indicates that you have planned to carry out the crime.)

    Restricting the Whois would force them to go through the courts, and they might not be able to intimidate people as easily.
    Your 'solution' is to make every 'net copyright infringement involve at least one federal lawsuit + a private investigation, both of which are exceedingly expensive. And this is supposed to help individuals and small companies?

    Generally speaking, any 'solution' that involves making information expensive and difficult to obtain does not help the little guy.

    (If you're worried about being 'harassed' for saying things on the Internet, either shut up or grow a spine. If you aren't willing to take flack over what you say, then by your own measure it wasn't worth saying.)

  • by Animats ( 122034 ) on Sunday July 15, 2001 @08:58PM (#83373) Homepage
    In the European Union, you have that right under the Privacy Directive.
  • Apparently the committee doesn't care about whether WHOIS can serve its intended purpose (before or after any legislation which Congress might enact) - they only care about whether WHOIS can be used for unintended purposes.

    What I find easier to believe is a general lack of understanding and interest by individuals in the IT/IS industry (not talking about companies and their lawyer consultants).

  • by kill_9_1 ( 123711 ) on Sunday July 15, 2001 @07:30PM (#83375)

    ... so why must americans continue discussing these issues as internal matters? The Internet is widely used by ALL nations of the world. ANYONE around the world is capable of registering a domain name and domain registrars aren't limited to American companies.

    Think about what countries like China and India will begin demanding as their net ussage rises. Between them, they account for nearly 40% of the world population. I highly doubt they'll allow this behavior to continue as is quietly

  • by icqqm ( 132707 ) on Sunday July 15, 2001 @07:19PM (#83376) Homepage Journal
    "Translation: they like the fact that the DMCA and a public Whois allows them to take the law into their own hands and harass people without going through the courts."

    Oh they still go to court. They just don't like the feeling of bringing a lawsuit against fifteen John Does.

  • One of the great features and also annoyances with the Australian domain name allocation system is the requirement to have an Australian registered company/business/name etc before you can acquire the corresponding .com.au ... this is mainly to preserve IP rights etc, but is also rather relevant in an identification quest... almost all .com.aus are easily traceable back to their owners. Obviously the .com sphere cannot possibly be brought under control... it would be impossible to impose these conditions on the millions who already own .coms anyway...
  • by audibility ( 136433 ) on Sunday July 15, 2001 @06:34PM (#83378) Homepage
    There's nothing stopping people, including myself, including false information in their whois entries.
  • by PhrackCreak ( 136718 ) on Sunday July 15, 2001 @06:32PM (#83379)

    For those of you who took the time to read the tech law journal artical, you probably also saw the introduction of the location privacy bill from Sen. John Edwards [senate.gov]. I find this equally interesting news for nerds given the typical slashdotter paranoia [slashdot.org].

    Under the bill, "any company that monitors consumers' physical location will be prohibited from using or disclosing that information without express permission from the consumer. And third parties that gain access to the information cannot use or disclose it without the individual's permission first."

  • Not only does afghanastan not use the internet, but they are well within their rights to decide (as a people) not to use it. I'm sure the Amish [google.com] would agree.

    Taxes are used by many of the nations of the world. Each nation decides for itself how to collect them.

    Silly person. Who would want a one world government [eu.int]. Oh wait. Are you one of those people.

    Well I can tell you this. In America, we like our apple pie hot and steamy [americanpiemovie.com] and our government slow and lathargic.

  • Okay, well assume that everyone does hate you and given your information, will come TP your house for what you say on your web site. Yeah yeah, you can argue free speech, but when the framers of the US Constitution included free speech, I think they assumed that identity of the one doing the speaking would be known. Doesn't give you the right to be an Anonymous Coward everywhere. You don't want your info released? Then shut up and don't make a web site.
  • No, U.S. only decides for the US TLDs (.com, .net, etc.).

    Funny, I always thought that these were Global Top Level Domains - hence them being managed by "X.gtld-servers.net" (X is "a" through "m"). The TLD for the US is, unsurprisingly ".us". As is typical for other matters involving the USA, they seem to believe their jurisdiction extends outside of their borders.

  • by fleener ( 140714 ) on Monday July 16, 2001 @04:36AM (#83383)
    I wonder if the privacy flap led Network Solutions to pull their DotComDirectory.com [dotcomdirectory.com] service. These days you only get a mirror of NetSol's main site. It used to be a search service where you could query for business web sites (and phone/address) by name and geographic location, with the data presumably coming from domain records. It was actually a useful service.
  • Is it really intimidation if a copyright holder wants to know why the hell you've been pirating their media?
  • by asv108 ( 141455 ) <asvNO@SPAMivoss.com> on Sunday July 15, 2001 @06:19PM (#83385) Homepage Journal
    You don't need to have accurate contact information in the WHOIS database. Generally, I find most WHOIS contact information to be out of date and inaccurate.

    On the other hand, WHOIS information can be an be an easy tool for hackers to gather info on a perspective target. It's also good for finding phone exchanges to war dial but any Jr. sysadmin should know that so I don't think its worth removing.

  • There's nothing stopping people, including myself, including false information in their whois entries.

    Sometimes there is. If someone didn't particularly like you, and they confirmed that your data was incorrect, and they checked with your registrar, and their TOS included verbage to the effect of "we can take back your domain if you lie in your whois," and they wrote to your registrar and said "This domain seems to be abandoned... its contact information is no longer valid. I'd like to buy it," then you're SOL if your registrar is mercenary enough.

  • by M. Silver ( 141590 ) <silver AT phoenyx DOT net> on Monday July 16, 2001 @06:30AM (#83387) Homepage Journal
    At the very least, you ought to have the option of leaving your phone number off. We have a bunch of different sites hosted on our server, and our name has gotten onto a bunch of business telemarketing lists. While on the one hand, it's kind of amusing talking to B2B telemarketers who don't seem to know what to do (except grovel pathetically) when they find out they've reached a residence (especially when there's the sound of an awakened-by-the-telephone baby crying in the background...), on the other hand, I'm really not fond of *anything* that adds to the number of telemarketers who call me.

  • by marm ( 144733 ) on Sunday July 15, 2001 @10:18PM (#83388)

    You cannot pick up a phone and call a responsible person. You have no second avenue to contact a person, say, if someone was forging their domain name. If someone from your domain is spamming and blocking traffic, you cannot be easily contacted to do the right thing.

    Except that you do have all these avenues still available to you, because that information is available via RIPE. If you have a problem, find the IP of the host that is causing the problem, look it up, see who owns the netblock, contact them instead, let them deal with it - it's their responsibility.

    Now, should detailed contact info be available for the IP registries through WHOIS lookup? I think so, and this is why:

    The way it's setup assumes that the owners of netblocks allocated by RIPE are significantly-sized Internet-savvy bodies with their own technical staff, who do not mind being easily-contactable. I think that's a reasonable assumption to make. How many of you own your own personal netblocks?

    Now, how many of you own your own personal domain? How many of your non-technical friends own a personal domain?

    See the difference? Domains have a very large public ownership. Netblocks do not.

    It seems eminently sensible to me that only the contact information that is actually required for the Internet to function should be available via WHOIS, whilst maximizing personal privacy for those who have no day-to-day bearing on the running of the Internet.

  • by marm ( 144733 ) on Sunday July 15, 2001 @07:24PM (#83389)

    I don't understand why the gTLD's have this ridiculous requirement to have your personal data in the whois entry. It's simply not necessary at all.

    The .uk ccTLD, for example, works like this:

    Every domain registered has only 4 things associated with it in the WHOIS entry (there can be more but these 4 are the only required fields):

    • Name (who it is registered to)
    • IPSTAG (more on this in a bit)
    • Date of registration
    • Nameservers

    And that's it. Now, what's the IPSTAG? Well, it's a tag for the entity (ISP/Domain Registrar usually) that controls the domain. Only fully checked and paid-up members of the NIC, Nominet, have an IPSTAG. When you register a domain, the company that you register through registers the domain with their IPSTAG. If you wish to transfer a domain to another host/ISP, you ask the existing IPSTAG holder to either transfer the IPSTAG for that domain to another IPSTAG holder, or simply change the nameservers. It is the task of the current IPSTAG holder to verify that you are who you say you are.

    If there is a legal problem and someone wants to take your site/domain down, well - they contact the IPSTAG holder or the operators of the nameservers (usually these are the same people but they don't have to be). The IPSTAG holder or nameserver operators then get in touch with you, or take their own initiative in sorting the problem out - i.e. disable DNS for that domain if all other avenues fail. (under the UK Data Protection Act they cannot give your personal details out to a third party, there are severe penalties for them if they do). Of course, as with any site, an interested party could simply do a whois query on the hosted site's IP address, which will give them the owner of the netblock, who will surely be able to track down the host's owner.

    The system is fully automated too - via the Automaton. The Automaton accepts email commands to change entries in the WHOIS database, but only from IPSTAG holders who have signed their email with their PGP key (every IPSTAG holder has one).

    If you have a dispute about the way your IPSTAG holder has treated you, you may take your complaint to Nominet, where it will get dealt with by the Nominet committee, made up of representatives of the longest-serving IPSTAG holders (most of these are people like you and me - sysadmins and hostmasters). There are strict rules about what an IPSTAG holder may or may not do to customers and what they may or may not charge for certain services (for instance, IPSTAG holder transfer must be free), and breaking those rules is dealt with severely - usually by loss of the IPSTAG and sometimes disbarment from holding an IPSTAG in the future. Not pleasant.

    Note that more information about you is stored by Nominet, but only for sending you crappy certificates. It never appears on the WHOIS entry, and under UK law cannot be given out to third parties without your permission. Billing is handled by the IPSTAG holder.

    Advantages to this system:

    • No personal details other than your name appear on your domain's WHOIS entry
    • The system is completely automated
    • It is still easy to track down operators of sites hosting illegal material, or at least the people in charge of the DNS or netblock on which the host is located (and who are at least partially responsible for the site legally, although this is a grey area under UK law)
    • As a domain owner, you only have to deal with your ISP/Domain Registrar except in exceptional circumstances.

    Disadvantages:

    • None that I can think of
  • They might also have used "janken", the Japanese term for the "rock, paper, scissors?" game.

    Cryptnotic

  • Kinda how giving everyone a gun stops crime, eh?

    The city of Kennesaw, Georgia, requires every resident of age (and non-felon, etc) to own a gun.

    It is within metro Atlanta (outside the perimeter), and yet has the lowest crime rates, across the board, in the state. Several states, if I remember the study properly.

  • hogshit! New York state (and city) have had very very dramatic drops in violent crime and the laws are stiff on concealed weapons... you COULD look it up, surely the FBI crime stats per state would be enlightening. you gun nuts, i swear. like another poster stated previously: "you're idiots. no, really."
  • I think limiting information provided by WHOIS services would be a bad bad thing. When I check my firewall logs, I routinely use WHOIS to find out exactly who pinged/attempted entry/etc. to check for security leaks. If anything, a WHOIS search should offer more information, including not simply the ISP "owner" but the actual connection of the "offender" for attempts at illegal access. In other words, a more improved WHOIS search could provide information about the time a hacking/cracking attempt occured and would provide information useful to the ISP, but useless to me. Any thoughts on this?
    ------------
  • practically 100% crystal meth. The HPD (Honolulu Police Dept.) stated that it usually takes 15+ bullets to take down a guy high on that shit

    Hint: the HPD are lying. This used to be said about PCP as well. It's just the same old drug propganda on the toxin du jour.


    Hey, the NYPD needed 21 bullets to take down stone sober, unarmed, Amadou Diallo. Apparently the HPD have better aim.
  • Not when it's a matter of ownership of property which is granted to you through the goverment in the public trust. Case in point, home ownership records are public information and companies and people have been using them forever to sell things (ie mortgage refinancing and insurance).

    Radio frequncies, and air traffic routes work the same way I believe.

    The namespace is not private, and I think it's in the public interest to make that information public. If people are using that information for illicit or annoying purposes, we need to tackle those issues sperately.
  • Well, individual goverments would have to pass those laws. I don't trust them either, but that's exactly the reason I don't want information about public registrations to be locked away or acess to them made so inconvenient that only people with great resources and with reason to expoit will have access to them.

    I personally feel that any unsolicited commercial mail, phone call, email, or persoanl visit should be made illegal. It's legalized harrassment to purchase crap. Of course, AT&T and the USPS make far too much cash of marketers for it to ever happen.

    This is a problem and the main reason most of us have throwaway hotmail acounts and never put real info on internet forms.

    New York state has made a good move on the phone cal side by making a state wide opt-out list for telemarketers. They call anyone on that list and it's $5000 per an offense. They should do the same with email and snail mail. It's a nice compromise.

    I'm not a privacy nut, although I can understand the arguments. It's just a fact that your info is going to get out there. I just feel it's an undue burden to us to have to opt out of every single list that gets our infomation.
  • I am starting to think that gun supporters just MAKE UP THE STATS AS THEY GO ALONG.

    Funny, that's what we say about you anti-freedom people.

    Give us a bit of proof, eh guys?

    I don't have proof, but here are statistics [kc3.com]. That page claims to summarize official FBI data into a human-readable format.

    A highlight:

    "Since adopting CCW (1987), Florida's homicide rate has fallen 21% while the U.S. rate has risen 12%. From start-up 10/1/87 - 2/28/94 (over 6 years) Florida issued 204,108 permits; only 17 (0.008%) were revoked because permittees later committed crimes (not necessarily violent) in which guns were present (not necessarily used)."

    You can slice and dice the statistics any way you want to, looking for support of a particular opinion, but you can't get around one thing: Florida's easy access to concealed weapons just hasn't turned the state into an Old West bloodbath. Heck, in Vermont you don't even need a permit: stick a gun in your pants and walk around if you like. Can't find the stats, but Vermont sure isn't known for its crime rate, at least as far as I know.

    Now this will really drive you nuts: 31 states [packing.org] have "shall-issue CCW laws. Thirty-one. That's most of them. And many of those states joined the club in the last few years. Like it or not, the trend is towards more personal freedom in this regard.

    Ultimately, statistics don't matter. You guys would still want all the guns gone even if there were unimpeachable studies showing their benefits... and we gun nuts would want to keep them even if it was revealed that guns walked around by themselves at night and shot people. It's a deep philosophical difference rooted in concepts of self-reliance and style of government, and number's ain't gonna do nuthin' but give us something to put in posts like this one.

    Oh, by the way, nyah nyah, you guys suck, cold dead hands, I'm carrying a gun right now, etc.
  • When the gun ownership argument is over and you've won, will you be as fervent in getting all those drink-driving laws repealed, as they impinge on your right to freely travel on the public highways?

    We're principled -- not insane! Is that a troll or do you seriously think we're all 100% nuts?

    ...and that the only reason you want to play with guns is, well, because you want to play with guns.

    Guns are fun but the real reason that ownership protection was built in to the Constitution is to allow the people to overthrow the government. Which is a wild and wacky thing to talk about, but there it is. I can't think of another nation on Earth that has the govermemnt's self-destruct mechanism built into the documents of state.

    Gun rights ultimately have nothing to do with hunting, target shooting or home defense. The real reason there is a 2nd Amendment is so that the people can rise up, burn down the White House, and fight off the standing army if they ever need to.

    I don't think that is a reasonable course of action today, but what about 100 years from now? 500? Gun nuts never believe "it can't happen here," because we have seen it happen all over in the past.

    Or do you in fact concede that there are some laws that are required for public safety...

    Of course I do. I'm a pretty "government hands off" guy but you can't go too far down that road without serious issues.

    If you check the facts, you will see that a high incidence of gun ownership does not correlate to high crime. If I carry a gun, it does not enganger the people around me. My state government recognizes that, and I can get a permit to carry a gun, after they do a background check to make sure I am not in fact a registered whacko.

    As an aside, please do not get into the whole "you can't beat the Army" argument, because the people can. There are about as many guns as cars in this country, and time and time again history has shown that an army has a hell of a time suppressing an armed public. The army's only recourse would be to bomb the cities into rubble -- which is what the Russians had to do to Grozny in Chechnya. And if my government is ever willing to bomb its own people into the stone age, then it truly deserves to be overthrown and replaced.

    isn't one of the great things about the US Constitution the fact that it can be changed if it becomes out of date with the needs of the society it serves?

    Yes. The process for altering the Consitution is very clear. If the no-gun guys want to go that way, they have every right to try. (I would fight it, of course.) What I object to are the unConstitutional laws that get passed anyway, and the taxes, fees and harassment that get loaded onto gun owners in many places.
  • Hey,

    Joe Mega-corp contacts IPSTAG holder. "Hey, make the www.joe-mega-corp-sucks.com website go away."

    Whilst this could happen, I refer you to the original post:

    If you have a dispute about the way your IPSTAG holder has treated you, you may take your complaint to Nominet, where it will get dealt with by the Nominet committee......There are strict rules about what an IPSTAG holder may or may not do to customers......breaking those rules is dealt with severely

    Sure, your registrar could cut your DNS entry, but that would likely be frowned upon by the Nominet committee - (most of these are people like you and me - sysadmins and hostmasters) - and you could simply re-register with another tag holder who didn't suck. The (quite small) company I work for, A2Z Computing [a2z-computing.com], is thinking of getting a tag, and I know that they won't cut my service without justification.

    In short, yes, your DNS provider could cut your entry, but if the Nominet committee judged them to have acted unfairly, they could loose thier tag.

    Uh... Nominet is good. I like it.

    Michael
  • Speaking as a Brit, two things. First, by the end of 1997 *all* handguns with a very few (usually historical) exceptions were outlawed. Check the text of the Firearms (Amendment) Act 1997 and Firearms (Amendment) (No. 2) Act 1997 on Her Majesty's Stationery Office [hmso.gov.uk] web site if you want to know the gory details.
    Second, watch out for the expected fuss soon to come over here -- the Government are expected to listen to the rabid anti-gun group (all 7 of them) instead of the hundreds of thousands of gun owners, and pretty much ban guns.
    I don't know how Godwin's Law applies here, and I suspect it applies badly, but at risk of invoking it I'll point out that in "Mein Kampf" the complete prohibition of private gun ownership is defined as part of the road towards the Third Reich.

    ObOnTopic: Without WHOIS, I wouldn't have been able to trace the low-life who's been harassing a friend of mine for the last couple of weeks. Let's see how the bathtub likes having the LEOs on his case.

  • by roju ( 193642 ) on Sunday July 15, 2001 @06:47PM (#83401)
    just wondering, could you technically claim that you hold your personal information as your Intellectual Property, and furthormore, when you issue it to anyone, you license the information to them. Any redistribution of your information would thus be considered a violation of hte DMCA and you could sue their asses

    kinda off topic, and likely to be modded down, but still
  • The Internet is widely used by ALL nations of the world.

    Not Afghanastan. [slashdot.org]


    --
    Entropy ain't just a good idea. It's the law.
  • Having the ability to, with one command, get a email addres, phone number, and snail mail address of someone responsible for every IP and domain on the internet is invaluable. Kinda how giving everyone a gun stops crime, eh?

    -----

  • And who gets the power to decide what's illicit and what's not? Looking at what's already illicit, I don't think I'd trust them... Drug War, Faith-based... ick!

    -----

  • by Agent Green ( 231202 ) on Sunday July 15, 2001 @06:44PM (#83405)
    When it comes to domain names and address space, those are publicly accessible resources, and _should_ be accessible to anyone that needs that contact information. I don't think it's fair to shroud the names of individuals that use finite Internet resources. This information, after all, is public record.

    The reason this is an issue at all is because of how easy the information is to get. Let's take another example of public record...

    I'm sure more people would be up in arms if the RMV (or DMV in some states) decided to put its records search information online. As it is, I can run any license plate or license number if I have it...but waiting in line is a pain in the ass.

    It's really sad that the low tactics of marketers has made this such a problem and brought this issue into the spotlight.


    /* ---- */
    // Agent Green (Ian / IU7)
  • The proper contact address for e-mail in a domain has always been postmaster@domain. If they don't have a postmaster alias setup then they shouldn't be accepting e-mail. In that case, DDOS them into the fucking stoneage.

    Yes, but how many folks have that alias set to send to an account they actually read? Most (I'd imagine) go to some quiet account that is never checked. This would be especially true of a site that may see a lot of bounces (ie: Web site hosting facilities whose web sites accept email addresses as part of registration and then send email to those addresses... remember - users aren't always able to put the @aol.com after their email address, or just can't spell aol ;-) )

    As far as DDOSing them into oblivion: Von Clausewitz once said (paraphrased [sourcehunter.com]) "War is a continuation of politics by other means." Use whois, contact them, THEN if you deem necessary (NOTE: THIS IS NOT ADVOCATING ACTUALLY DDOSING SOMEONE!!!), explore other means of... communication.

  • by sourcehunter ( 233036 ) on Sunday July 15, 2001 @06:38PM (#83407) Homepage
    One use of whois that hasn't yet been mentioned - solving technical issues between domains.

    When I worked for a small commercial web design/hosting firm, I managed all the servers, including one Linux mail server running sendmail. Something hiccupped and my box started contacting someone else's mail server OVER AND OVER for hours, filling up his logs but never quite making it into mine. He used whois to contact me and inform me of the problem. Turns out, my box choked on some mail because the server got some invalid DNS information.

    Someone out there is going to flame me about how I should have had my box setup to only retry every 30 minutes or so... Whoever you are - get over it. This post is about how whois is beneficial, not how improperly configured sendmail instances are Satan's own kin.

  • '...DMCA self-help allows us to reduce to a fraction the losses we would suffer if limited only to court-imposed process and remedies. These efforts are made much less effective with the burdensome restrictions of the Fourth Amendement, such as the restricted access we would have to pirate's homes, including their unauthorized CD-Rs and illegally photocopied magazine articles.' -- Stevan D. Mitchell, Vice President, Intellectual Property Policy Interactive Digital Software Association

  • The Internet needs accountability
    But can we balance accountability and privacy?

    -Karl
    --------------
    [root@kgutwin /dos]# file msdos.sys

  • errmm.. don't forget bank details! and while you're at it, why bother encrypting anything??
  • ...DMCA self-help allows us to reduce to a fraction the losses we would suffer if limited only to court-imposed process and remedies. These efforts are made much less effective without the unrestricted access we currently have to WHOIS data, including contact information regarding domain name registrants.

    Translation: they like the fact that the DMCA and a public Whois allows them to take the law into their own hands and harass people without going through the courts. Restricting the Whois would force them to go through the courts, and they might not be able to intimidate people as easily.

  • I use Whois all the time (mostly ARIN [arin.net], to see who owns various unresolvable IPs that I see poking at my computer), but these records shouldn't be required to contain complete contact information.

    Maybe giving complete info for a registration (verification of identity) would be a good thing, but Whois should only return what the owner wants it to return: at minimal, a contact email address. Since the owner has their own domain, they can set up a hostmaster@ address or something just for the Whois contact (so at least the spam gets routed to one place). Corporations might want to have their street address and business phone numbers listed; but I don't think most individuals do.

  • Since you are posting from RIT, I assume you are in the USA.

    You need to learn the history of the First Amendment, which goes back to the complaints underlying the Declaration of Independence. One of the most influential pamphlets leading up to the DoI, "Common Sense", was published and distributed anonymously. Do you think that the Founders would have even considered a Constitution which would allow political speech to be suppressed merely because the author refused to be identified? Not a chance, and the courts have repeatedly ruled consistently with this.
    --

  • Well, if they don't accept the license (usage for resolution of technical problems and domain registration issues (latter reserved to your domain registration authority)), then wouldn't it revert to copyright?
  • mailboxes etc... knuckleheads can't knock on your door at midnight, but conversely, if your site is a scamspam site, the feds can subpoena this info from mailboxes etc and catch up with you

    hereiam@yahoo.com... duh! anonymous free endless email addresses

    so what's the problem? responsibility, accountability, and enough anonymity for the site owners
  • by nougatmachine ( 445974 ) <johndagen&netscape,net> on Sunday July 15, 2001 @07:35PM (#83429) Homepage
    "In 2000, the IDSA used authority provided in the Digital Millennium Copyright Act (DMCA) to achieve approximately 3000 "takedowns" of infringing material on the Internet...These efforts are made much less effective without the unrestricted access we currently have to WHOIS data, including contact information regarding domain name registrants."

    Oh, that's just peachy. For those of you who might not remember, the IDSA is a cartel similar in function to the RIAA and MPAA, but they act on the behalf on software companies. They have shut down web sites containing rom files of games from the 1980's because of "copyright". These are the idiots who seem to think Nintendo is losing money over copies of Mario 3 "illegally" downloaded over the internet.

    Now, I'm not a fan of the RIAA, but at least they have a valid concern-most of their music is still sold! If the IDSA can use Whois to shut down emulation-related websites, I'm all for the option of being "unlisted".

  • If whois won't find us, Google will [google.com]

    Remember, when you are downloading MP3's, you are downloading communism!!!
  • Well heres my comment

    This smacks very very much of an attempt to make access to whois a paid or subscription service - the gist of some of these comments is not that the mailing lists have been made based on the whois but that they have been made for free.

    What committess do these good gentlemen sit on ? what vested interests do they represent ?

    The fact is the whois function can be usefull and should be freely available. If i am being attacked of flamed or spammed on my servers from a domain i should have the right to see who owns that domain and what contact details they have.(which 9 times out of 10 will mean nothing as they wil be false or the domain has been hijacked or they just dont give a fuck but i can dream can't i)

    This is a natural extension from the INTERNIC bullshit and the selling of domain names for profit. One of the posters mentioned that here - and i have had a similar experience - i did a who is search on a domain name on NSI and then filled in the registration details. Upon sedning this of a day or so later i was told this name was registered to - surprise surprise NSI - and i could buy it for a sum from them - this to me smacks of extortion - 'sure you can have the domain name - seeing as how we own it its only gonna cost you $500 (figure not correct)'.

    Then we have the DMCA and their lawyers (or NAZI's as they are otherwise known) these guys are about as subtle as a kick in the gonads and they love whois - they can get contact info to sue you from there - yet they use it to make money as well.

    So heres what i predict. (rubs crystal ball)

    access to whois information will be regulated by the government with legitimate associations (IDSA) and organisations (DOJ) having free or low cost access to it - corporates will no doubt be able to buy a subscription but the rest of us will likely have to pay by the use or get no access.

    Whilst part of me likes the idea of spammers having to pay for this info i become concerned that this is another commodity and yet another way to prevent free access to information on the web - its already hard enough trying to track someone on the web without this being removed.
  • by MLC2012 ( 467954 ) on Sunday July 15, 2001 @08:21PM (#83438) Homepage
    Eliminating or restricting access to whois is folly, really.

    I work for a domain name registrar, which I like to think gives me a better perspective on this issue.

    Removing the info already in the whois database would have some technical consequences most likely ignored by congress and friends. They are:

    a) Registrar-to-registrar domain name transfers would be slowed to a standstill, because without the administrative contact email gleaned from whois, current ICANN transfer regulations would make it impossible to authorise a transfer. The way the current system works depends on the email listed for the admin contact on domain pending transfer -- an auth request email is sent there and, if the email is responded to, the domain is transferred.

    b) Without whois, the only way to verify, pre-propagation, that nameserver changes were succesful would to dig the domain on the box acting as its SOA. Even if you could find out before propagation, how many web-based dig lookups have you seen, compared to web-based whois lookups? 90% or so of domain purchasers have never even seen a command prompt.

    c) As previously mentioned, whois is instrumental in ferreting out spam hierarchies.

    As it stands now, too much is dependant upon the existing whois database. Change it, and you change the way domains are registered and administered. Most domain purchasers are just barely competent enough (and tons still aren't) to handle their domains using the existing system. Changing it now would be counter-productive, at best.

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...