Re: Is WHOIS going to go away?

[bzs () theworld com]

Inline...

On April 20, 2018 at 03:47 farzi () gatech edu (Badiei, Farzaneh) wrote:
> Dear John,
>
>
> The days when some in the technical community could just discard others
> arguments by saying that  "[you] have no idea how the Internet works" have long
> passed. I will not get intimidated nor will I step back. Old tricks, won't
> work, it's as old as the dysfunctional WHOIS and will disappear.

No one responded most likely because you are speaking to a vast "room"
of engineers etc and just said WHOIS is "old and dysfunctional"
without a single word as to why you believe this to be the case.

The DNS system is almost exactly the same age, is that also a problem?

At least that's what pops into a technical person's mind.

And "dysfunctional" seems like it's based on assumptions others here
may not share.

So we are left to guess whether you have any idea how any of this
works, it's an article of faith?

Challenging someone's understanding of a system they are criticizing
is not "intimidation", it's just an assumption lacking any evidence to
the contrary.

And TBH "it will disappear" sounds like a purely political threat.

We shall see in the fullness of time...in about 20 years ICANN has
failed to do much anything regarding WHOIS other than talk about it a
lot.

> Also your last paragraph obliges me to clarify: it's not always a "he" that
> might be arguing! it's sometimes, though might it be rarely, a "she". 
>
>
> No one asked to protect people from their governments (I have heard this before
> as well). But also people should not be endangered or even minimally disturbed
> by making their personal information public. There are many many scenarios when
> personal information can be abused, and governments might not be involved.

So why aren't current privacy options sufficient?

Why not, as I have suggested in many forums now, just move the
publicly visable information into the DNS and thus completely under
the domain owner's control?

Why does ICANN simultaneously press for the accuracy (and precision)
of this information while bemoaning its public availability?

Well, there are reasons, I could answer that I suppose.

But disconnecting the public function of WHOIS from the business need
for customer information seems like a reasonable approach.

As is even stated in the relevant RFCs WHOIS is a public directory of
domain owners and contact information.

Not very different from a phone directory, and with similar provisions
for privacy.

It's not like the IETF et al created WHOIS out of thin air, it was
intended to be a lot like a phone (or similar) directory.

> I might not know as much as you do about how the Internet works. But I know one
> thing: There will be a change. The convenience of security researchers and
> trademark owners is not going to be set above domain name registrants right to
> data protection. But I am sure the cybersecurity community can come up with a
> more creative way of preserving cybersecurity without relying on using personal
> information of domain name registrants and violating their rights! 

But the current ICANN proposals as I understand them make all this
information available to anyone who can pay the price or meet certain
criteria which don't seem terribly exclusive other than "those we
respect vs those we don't".

They've proposed a "tiered access".

Which sounds to me more like an intent to monetize WHOIS not protect
its content in general.

Or is only allowing for example folks like Cambridge Analytica or
other vast and well-funded opinion and marketing organizations access
somehow a protection of "rights"?

One problem with that sort of access is that once it's out there, it's
out there!

One can write rules about "legitimate" use and redistribution but as
we see every day breaches and just disregard for such rules are
rampant.

Why pretend that making WHOIS non-public will protect anyone?

The current system has its appeal, it's public information, if you do
not want your information public there are various ways to protect
your own information (e.g., check that privacy box, pay a third party
proxy, etc.)

And for that matter one of those "access tiers" is "law enforcement",
what government won't meet that criteria?

Is there some intent by ICANN to vet "good" governments vs "bad"
governments when granting law enforcement general access?

Note: This is not search warrant type access, it's general access to
the entire WHOIS database without prior restraint.

And there's still that annoying question about warrantability of this
supposed protection of privacy.

You really haven't spent a word answering any of the issues raised
here, you mostly complained about the pronouns used. They might be
valid complaints, but they're not sufficient to provide a response to
the issues.

P.S For the record we know each other from ICANN meetings and Farzaneh
can do a lot better than this.

> Farzaneh 
>
>
>
>
> In article <23257.12824.250276.763926 () gargle gargle HOWL> you write:
> > So you think restricting WHOIS access will protect dissidents from
> > abusive governments?
> >
> > Of all the rationalizations that one seems particularly weak.
>
> Oh, you're missing the point.  This is a meme that's been floating
> around in academia for a decade: the brave dissident who somehow has
> managed to find web hosting, e-mail, broadband, and mobile phone
> service but for whom nothing stands between her and certain death but
> the proxy whois on her vanity domain.
>
> If someone makes this argument you can be 100% sure he's parroting
> something he heard somewhere and has no idea how the Internet actually
> works.
>
>
>
> -------------------------------------------------------------------------------
> From: NANOG <nanog-bounces () nanog org> on behalf of John Levine <johnl () iecc com>
> Sent: Thursday, April 19, 2018 10:43 PM
> To: nanog () nanog org
> Cc: bzs () theworld com
> Subject: Re: Is WHOIS going to go away?
>  
> In article <23257.12824.250276.763926 () gargle gargle HOWL> you write:
> > So you think restricting WHOIS access will protect dissidents from
> > abusive governments?
> >
> > Of all the rationalizations that one seems particularly weak.
>
> Oh, you're missing the point.  This is a meme that's been floating
> around in academia for a decade: the brave dissident who somehow has
> managed to find web hosting, e-mail, broadband, and mobile phone
> service but for whom nothing stands between her and certain death but
> the proxy whois on her vanity domain.
>
> If someone makes this argument you can be 100% sure he's parroting
> something he heard somewhere and has no idea how the Internet actually
> works.
>
> R's,
> John

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*