back to article Whois? No, Whowas: Incoming Euro privacy rules torpedo domain registration system

The internet policy world is scrambling as one of the most critical and fiercely contested aspects of the global domain name system – its registration system – has started to fall apart. The Whois system, which publicly publishes the name, address, email and telephone number of every domain name registrant, has been a bone of …

  1. veti Silver badge

    "Whois" is already basically worthless

    ... to anyone but a lawyer, anyway, given the nonexistent quality control/fact checking of the data.

    If you actually want to know who a domain belongs to - then you're dependent on whoever registered it having acted in good faith and entered truthful information. Often, they do. But sometimes, particularly when they have something nefarious in mind - they don't. They'll enter the data of a personal or political or business enemy, or a nonexistent person.

    And there's pretty much nothing to prevent this, apart from the minimal amount of effort it takes to do.

    If you're an IP lawyer, who wants to cover your arse by writing to a domain owner asking for permission to rip off their content - then that doesn't matter. You can write, and when they don't respond within a reasonable time, you can say you've done your due diligence. It's meaningless, but you've done it. Go you.

    But if you're absolutely anyone else, just trying to find out who owns domain.com - it's useless.

    1. Grooke

      Re: "Whois" is already basically worthless

      While I agree with the underlying issue, its still has some uses other than what you've presented.

      When I was working at my country's national CERT, we'd receive lists of potentially vulnerable/infected IPs, and we would try (best effort) to reach out to the owners of those device to help them. For many, we didn't have much more to go on than the whois information.

      Not reliable, but better than nothing.

      1. muhfugen

        Re: "Whois" is already basically worthless

        You worked for a CERT but didnt know about ARIN/RIPE or any other registry?

    2. ElReg!comments!Pierre

      Re: "Whois" is already basically worthless

      Then add to that proxy registrars, and only the people who need to be seen as giving trustworthy info are actually found in the databases.

  2. Alister

    There's an awful lot of FUD being preached in the name of GDPR.

    Article 6.1 states:

    1. Processing shall be lawful only if and to the extent that at least one of the following applies:

    (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

    (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

    (c) processing is necessary for compliance with a legal obligation to which the controller is subject;

    (d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

    (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

    (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

    As far as I can see both (c) and (e) are sufficient to allow for the publication of basic whois information.

    1. katrinab Silver badge

      That allows you to keep a register of domain name owners, and pass details to the police or trading standards. It doesn’t allow you to make it available to everyone who types in whois mydomain.eu

      1. Jonathan Richards 1
        Facepalm

        Alister most usefully posted,

        > ... at least one of the following applies: (a) the data subject has given consent

        whois can continue if every registrant gives permission. I know I did whenever I registered a domain in the past. It does mean that my contact details are available to the public, but then, so are my websites. I'm a damn publisher, so why should I think that I need some sort of anonymity?

        Now, if someone takes my personal information from whois, and abuses it then that someone is the villain, not the domain registry system.

      2. Voland's right hand Silver badge

        That allows you to keep a register of domain name owners, and pass details to the police or trading standards. It doesn’t allow you to make it available to everyone who types in whois mydomain.eu

        Not if this is a contractual condition which is the case for any ICANN approved registrar - they are supposed to relay the contract terms on the end-luser.

        So while there is no policy or law that mandates whois, the contract by itself is actually sufficient in theory. In practice - there is so much legislation conflicting with the contract that it is about time for this to end up in court.

    2. Adam 52 Silver badge

      (e) is clearly not valid because whois is not essential to the domain system. To consider it so would undermine the whole GDPR because Google et al would argue processing of personal data is necessary to run an ad funded search engine

      (c) is also invalid because there is no legal requirement to provide whois. Much as it might like to be ICANN is not a sovereign state capable of passing laws.

    3. Alexander Hanff 1

      And you would be wrong for example:

      6.1c - There is no legal obligation for Whois - it is entirely ICANN policy and nothing to do with law.

      6.1e - Public Interest would not cover a domain registration Whois database

      You should perhaps read some of the Recitals and existing case law.

      The article is actually quire accurate - GDPR does (in my opinion) make existing Whois databases unlawful and I have discussed as much with 2 national tld registrars recently. The key issues you have to look at are whether or not requiring the data be public is proportional to the fundamental rights of the data subject (Art. 8 of the EU Charter) and whether they are necessary. This fails immediately at the first test but even if it didn't, there is no necessity for a public whois database in order for domain registrations to work - they would continue to work even without such public databases. For example, with regards to law enforcement access - it would still be available with the relevant safeguards in place (such as requiring a warrant or court order).

      I was on a committee/consultation a few years back looking at the issue of shutting down "illegal" content by seizing domains which was run by the UK registrar and you would be shocked to hear the methods used by the police to avoid having to use the judiciary as well as how many false positives there are.

      1. tfewster
        Facepalm

        Genuine question to the experts - How about (a) the data subject has given consent to the processing of his or her personal data for one or more specific* purposes: You supply valid contact info, or you don't get a domain?

        I'm all for Registrars vetting the info and restricting public access to "sensitive" stuff, but let's not throw the baby out with the bathwater.

        When I was registering a hospital under the original Data Protection Act, it seemed to me that the hospital was free to sell patient info IF the registration entry stated that intention.

        1. eldakka

          You supply valid contact info, or you don't get a domain?

          This is not about supplying valid contact data, it's about making that data public.

          Having a requirement that you have to make your data public or you don't get a domain could run afoul of other laws, especially as domain registrars are monopolies, therefore would face heightened scrutiny over such contract language.

          1. Nick Ryan Silver badge

            In this case nominet (.co.uk registrar) has this largely correct already because for individuals (which is what GDPR is designed to protect) nominet does not publish the domain owner's contact details. i.e. "Registrant type: UK Individual". If it is a commercial interest that owns the domain name then contact details must be published.

            This does not stop any due legal process around a legal entity requesting genuine details from the registrar or their agent.

            1. EnviableOne
              Holmes

              Problem Solved right there,

              Registrant type: EU Individual

              Contact Registry For access

              Registry requests consent from Individual

              or supplies information under another obligation of section 6.1

              If owned by a public organisation, GDPR does not apply and register as normal, with corporate details

              An individual could have the option to publish information to Whois, but is not compelled to, with a Privacy notice "by selecting this option you agree that this information will be freely available to world+dog"

              it puts a bit more work on the registrar, but is not to hard to implement

        2. Anonymous Coward
          Anonymous Coward

          "You supply valid contact info, or you don't get a domain?"

          This isn't consent. Consent must be freely given from a fully informed position.

          GDPR specifically bans forms of 'consent' where consent is required to access services for which the gathered information is not required.

          For similar reasons, governments are effectively banned from relying on consent as a justification because you cannot freely give consent to a government that can put you in prison for refusing it.

        3. Alexander Hanff 1

          That would also be invalid because it would fail to meet the criteria for "freely given" consent.

        4. ImFM

          "You supply valid contact info, or you don't get a domain?"

          In a way the rules are heading in this direction. Email addresses are already validated (otherwise the domain is suspended), some registrars validate phone numbers. Next step being worked on is validating postal addresses (but not by sending anything to them at this point), but just checking if they have a valid format. Of course this means you can still use someone else's postal address that is valid, though.

        5. Dave Bell

          We had that very sweeping permission request several times when my mother was still alive, standard for-any-purpose wording with nothing about the reason. Once it was simply to arrange a hospital appointment.

          I have a feeling that such official abuse of older laws was why the GDPR has its emphasis on informed consent.

          I don't know how the rest of the EU compares, but I am left with a feeling, looking at current politics, that the abusive manipulation will continue, whether we stay in the EU or not. It is government in Britain that is the big problem, in all sorts of ways.

          1. Loud Speaker

            The entire point of Brexit was to return "sovereignty" to our devious, manipulating scumbags of MPs, not to return it to the people, who probably were in a better position with the EU.

            The Foxes are very keen to get control of the hen house from the farmer - as seen in a Warner Bros cartoon.

      2. Anonymous Coward
        Anonymous Coward

        > You should perhaps read some of the Recitals and existing case law.

        @Alexander Hanff 1 can you provide references please?

    4. yoganmahew

      Agreed (in so far as existing privacy legislation should cover it), but logging all the lookup requests would be interesting...

      You can add to it the FUD that the rules also apply to European 'residents' (data subjects residing in the EU), not 'citizens'. Nowhere does the law limit to 'citizens'.

      edited based on responses above...

  3. Anonymous Coward
    Anonymous Coward

    Can someone offer a TLDR please?

    From a personal / small business point of view.... Obviously larger corps especially shady ones like to hide behind non-descriptive / untraceable details in the Who-Is fields. However lots of honest small-biz / personal websites find their 'home addresses' listed there. This is done without consultation, which is obviously not good in-a-scammers-world as regards domain hijacking and just for general privacy etc. So what's going to change, anything to benefit small-biz / personal-website users?

    1. Jamie Jones Silver badge

      Re: Can someone offer a TLDR please?

      The person/organisation who owns a domain currently has to have their details listed publicly.

      After the law, they won't.

  4. mark l 2 Silver badge

    I used Freenom to register my domains and they offer free whois privacy service which puts their own address as the mailing address and a random email address that redirects any enquires to the email I used when registering the domain. Law enforcement could still get my real details but scammer and spammers have no real address to bother me on.

  5. John Savard

    Problem?

    I don't see where the problem is.

    Either Europe can enact an amendment to their privacy laws that allows the whois system to continue as it is, or every web site in Europe can just tell people how to connect to it using its IP address, as ICANN would just stop accepting domain registrations from registrars that did not fulfill its requirements.

    Presumably, it wouldn't take very long for the governments of Europe to realize they had no alternative... except, of course, to construct their own system of registering domain names, and so to access European web sites, one would have to go to a DNS server affiliated with that instead of ICANN.

    1. Tom Paine

      Re: Problem?

      If whois had never been invented, then (all other things being unchanged) DNS would work exactly as it does today.

    2. Gordon 10
      FAIL

      Re: Problem?

      Whois<>DNS

    3. Jamie Jones Silver badge

      Re: Problem?

      @John Savard:

      Some politicians come up with rules to help people maintain their privacy, and you just think ICANN can and should just blackmail them into submission?

      This raises a few questions.. Is this amount of "freedom" for Europeans too "commie" for your liking?

      Do you run one of those register-by-proxy schemes where people have to pay for their privacy?

      As an aside, you obviously don't realise how powerful Europe is, or indeed how the internet works..

      If ICANN tried to block Europe, European ISPs would have to set up their own root servers... No biggie. Many are run within Europe already.

      If there was *finally* a viable alternative-root, other countries would migrate to it in droves to get away from the ICANN bullshit, draining them of any power they have.

      They know this. You even have groups like ORSN who could take over at a 'flick of a switch' - the infrastructure is already in place https://en.wikipedia.org/wiki/Open_Root_Server_Network

      See also https://en.wikipedia.org/wiki/Alternative_DNS_root

    4. Anonymous Coward
      Anonymous Coward

      Re: Problem?

      "as ICANN would just stop accepting domain registrations from registrars that did not fulfill its requirements."

      Oh, you forget that ICANN isn't US owned corporation so they'll do what legislation says or lose power. ICANN already has a lot of negative facts against it and something really stupid like that would lead only rest of the world ditching ICANN altogether and putting something their own instead.

      ICANN is useless without internet but internet doesn't need ICANN: that's the marching order here.

  6. Anonymous Coward
    Anonymous Coward

    Other than substituting (f) for (c), I agree with @Alister

    It seems to me to be arguable that

    - there is at least a "legitimate interest" (f), if not also a public interest (e), in ICANN's maintenance of a public register.

    - ICANN _is_ the relevant official authority, ie. the body performing IANA functions. Its regulations/policies are the regulatory basis on which the DNS system is operated.

    Afaics GDPR does not define "official authority" although in parts it seems this is intended to refer to bodies "of government" in one way or another. Preamble para 47 covers legitimate interest basis, and in para 45:

    "Where processing is carried out [...] in the exercise of official authority, the processing SHOULD have a basis in Union or Member State law."

    ICANN is perhaps unusual in being an OPERATIONAL and regulatory body established by constitution/consensus, rather than by law as such, or as an organ of the UN (such as the WHO and ITU). This might raise a question mark over certain processing by such consensus-led transnational organisations as IEC/ISO who might be afforded "official authority" status if not otherwise defined.

    1. Alexander Hanff 1

      f fails for exactly the same reasons as e - the balance of the fundamental rights of the data subject. It is not necessary or proportionate for this data to be public - ICANN could run the system as a private registry and require legal instruments be used for access.

      And no ICANN is not an official authority and trying to argue that in Europe would fail dramatically - there is absolutely no way any EU member state (or pretty much any other state in the world other than perhaps the US) who would agree to ICANN being classed as an official authority. They are nothing more than a body setup to manage dns infrastructure and that in and of itself is not without controversy.

      1. Gordon 10

        Whilst I agree that it’s likely to fail I don’t think it’s a total slam dunk. I think an arguement based on the need to support world Intellectual Property systems whilst would ultimately fail would at least be considered an arguement worth having in court, and nonwilful infringement is unlikely to generate a mega fine.

        1. Alexander Hanff 1

          No it really is a slam dunk - there are legal instruments available to obtain the data without it being in the public domain - so it is a slam dunk, it is not proportionate and it is not necessary.

      2. Anonymous Coward
        Anonymous Coward

        I think it is unreasonable to require every domain to be publicly registered, but the opt-out-of-public-WHOIS criteria available for some (eg. individual [.x].uk registrants) overcomes such issues in principle, even if open to abuse.

        My suggestion that ICANN might be considered an "official authority" is made in the absence of any particular definition of which I am aware. In its domain (no pun intended) its role includes co-ordination, legislation, policy development, regulation, binding dispute resolution and a sort of supervision of regional registries which I suggest would qualify as "official authorities" in their own right with appropriately limited scope. If the DNS system is not subject to the law of any one nation state or regional bloc, and ICANN exercises those powers and responsibilities, only a restrictive definition can deny it such legal status, but isn't it precisely that in effect?

      3. Anonymous Coward
        Anonymous Coward

        I agree a partially private registry would be appropriate in many cases (eg for family websites/blogs etc) but there is a strong public interest argument in favour of open domain registration, at least by non-private-individual registrants, for the same reasons (amongst others) that, at least in the UK, company registrations are public. That is not to say some will not cheat the system by providing false information etc, but at least the policy environment encourages transparency.

        1. Anonymous Coward
          Anonymous Coward

          Individuals private in other countries, too

          CIRA: "The Registrant name and administrative and technical contact information of non-individual Registrants, such as corporations, is displayed by default. The Registrant name and Administrative and technical contact information of individual Registrants, such as Canadian citizens or permanent residents is not displayed in WHOIS."

          AFNIC: "However according to the French Data Protection Act (January 6th, 1978), personal data concerning the individuals holders (first name, last name, address, phone number, fax number, email address) is protected and is not published. This process called restricted publication is applied by default unless the opposite is requested by the holder."

    2. Nick Ryan Silver badge

      "Public authorities" refers to organisations that are considered, by their national government or whatever, to be one. In the UK this is determined within the FOIA (Freedom of Information Act), the relevant schedule is http://www.legislation.gov.uk/ukpga/2000/36/schedule/1.

    3. Anonymous Coward
      Anonymous Coward

      > "Where processing is carried out [...] in the exercise of official authority, the processing SHOULD have a basis in Union or Member State law."

      On second thoughts, if (or perhaps where) "official authority" = government, this is perhaps better viewed as a protection against arbitrary "official" collection/retention etc... but what value "should"?

    4. Anonymous Coward
      Anonymous Coward

      "- ICANN _is_ the relevant official authority, "

      Only in US. Anyone in EU sees it as a private association without any official status outside mutual agreement. Heavy influence by US government but nothing official.

      That's basically nothing from legal point (or GDPR) of view

  7. Anonymous Coward
    Anonymous Coward

    I doubt this will change anything...

    "Put most simply, GDPR requires businesses to get the consent of people to gather, store and process their information."

    So next in the domain registration process: "by registering this domain you give your consent for us to put your data into the ICANN WHOIS database for all to see". And if people don't check the box they won't be able to register the domain.

    1. Anonymous Coward
      Anonymous Coward

      Re: I doubt this will change anything...

      Which would be a breach of the law as it is not required for dns to work. Consent must be given freely. Denying the service where the data is not necessary is not an option.

      1. Alister

        Re: I doubt this will change anything...

        Which would be a breach of the law as it is not required for dns to work.

        It's not got anything to do with DNS, as such, just domain registration.

    2. Anonymous Coward
      Anonymous Coward

      Re: I doubt this will change anything...

      > "by registering this domain you give your consent for us to put your data into the ICANN WHOIS database for all to see". And if people don't check the box they won't be able to register the domain.

      Unlikely to work as the disclosure is not proportionate, and the terms are likely sufficiently one-sided for it to not constitute informed consent (where the balance of power between two entities is sufficiently unequal, extra restraints come into play) - basically, there's a section of the law worded to prevent exactly this.

    3. Anonymous Coward
      Anonymous Coward

      Re: I doubt this will change anything...

      "And if people don't check the box they won't be able to register the domain."

      Extortion like that is specifially defined as illegal under GDPR: Every piece of information must be given voluntarily and without consequences if you choose not to give it.

    4. Anonymous Coward
      Anonymous Coward

      Re: I doubt this will change anything...

      > "Put most simply, GDPR requires businesses to get the consent of people to gather, store and process their information."

      That notion is being promoted by the media, along with an absolute right to be forgotten, but neither is absolute.

      Please see article 6 section 1(b)-(f) re the former, and art 15, right to REQUEST erasure, heavily qualified by art 17, re the latter.

      http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

      I almost wish it was available to the public so journalists could have a clue.

    5. Alexander Hanff 1

      Re: I doubt this will change anything...

      Again this fails consetn requirements under GDPR which states consent must be freely given and cannot be a condition of the requested service.

  8. Anonymous Coward
    Anonymous Coward

    Works for me

    Since neither ICANN nor the EU can organize a p***-up in a brewery, having them agree on something is a terrifying idea. Long may their confusion allow the rest of us to get on with life.

    As somebody already pointed out, many an ISP offers a WHOIS privacy option if you don't want your details made open. Works for me.

  9. Anonymous Coward
    Anonymous Coward

    If you want to keep your domain name contact details secret, first question why? Won't there be some means of contact on your web site? For businesses Companies House provides plenty of info (free). All the regristrars I deal with offer a Domain Privacy option but if one of my clients asked for privacy I'd register in their name but my contact details (answerphone and domains@... email). Will telephone directories be made illegal too?

    1. Anonymous Coward
      Anonymous Coward

      If you want to keep your domain name contact details secret, first question why? Won't there be some means of contact on your web site?

      Not necessarily. Usually the reason I've had to do a Whois search is because some dipshit company/site doesn't have contact information (or the "contact" links are broken), and someone is in need of a severe smacking.

    2. katrinab Silver badge

      "Will telephone directories be made illegal too?"

      In the UK, being in the telephone directory is optional, and almost nobody opts in to it these days.

    3. Anonymous Coward
      Anonymous Coward

      Since when did a domain name mean you had a website, let alone one with contact details on it? You may be surprised to know but the internet is not just websites.

    4. Dr Paul Taylor

      If you want to keep your domain name contact details secret, first question why?

      Maybe you're a Remoaner, SabotEUr or Enemy of the People but would like to avoid the DIY trials for Treason that have been offered to prominent figures. www.euinbrum.org

    5. Anonymous Coward
      Anonymous Coward

      Companies house publishing personal data

      Well isn't Companies House a similar problem as WHOIS? I think they have an exemption under current DPA but will this continue to be the case under GDPR?

      1. EnviableOne

        Re: Companies house publishing personal data

        Companies house is the public record of limited companies

        you dont have to have your address listed, providing details are maintained and available

        at the registered office address, and then all you have to provide is a name.

  10. Mage Silver badge
    Flame

    Spam

    half my spam is from people using WhoIS.

    A lot of it is "SEO offers" disguised as Domain Renewals. I'm sure some people are taken in.

    WhoIs data should only be available via a warrant.

  11. tiggity Silver badge

    faulty whois details

    Details of a domain I have are (mainly) inaccurate on whois.

    ..only accurate part is email address, which is one of mine.

    This domain is for a non profit organisation, remainder of the whois details are relating to previous volunteer who maintained the web site.

    Not deliberate, just one of those things where it was not a high priority; as long as we could pay to renew domain & get reminder notifications via email (in case we forget!) then it did not affect a volunteer group (not a registered charity or anything so no legal need for all is dotted / ts crossed on domain paperwork ).

    If anything domain related had been sent by post, the retired volunteer would have passed it on anyway.

    So, given the minimal validity checking of domain "owner" as recorded by whois (payments are not made from account of the "owner") I would expect only people with a legal need to have all the details tidy would actually have bothered to provide accurate details (and kept the updated)

  12. DJV Silver badge

    difficult bind

    "The outright refusal by registries to accept ICANN's contractual terms and provide a Whois lookup service puts the DNS overseer in a difficult bind"

    "bind" - ah, I see what you did there...

  13. This post has been deleted by its author

    1. Commswonk

      Re: Whois should be destroyed and kept destroyed. Living open is not always a good thing.

      The WHOIS listing had all her information. Name, address, phone.

      My starting point is that IANAL, which may explain my bafflement. If data currently available using "whois" will be outlawed by GDPR, how does this square with the data that is available from Companies House being, er, available? I noticed that someone earlier in this thread mentioned C/H but without making the obvious comparison. (If they did and I missed it then... mea culpa.)

      On the face of it if "whois" data is to be banned, how can Companies House data escape the same ban? The only answer that I can see is that if you want to register a company (and/or be a director thereof) then that information being publicly available must be a specific legal requirement.

      It is difficult to see why the same should not apply to domain registrations, although I have every sympathy with the young lady mentioned above.

  14. a_yank_lurker

    Much Ado About Almost Nothing?

    It seems the only issue is whether the database is public or private as someone actually owns the domain. So the question becomes how to treat owning a domain. Is considered something like real estate with the owner registered and the information available for public inspection (may be not online)? Or is considered something closer to a diary which probably contains private and very personal information? If the first then the registrant's info would be routinely available but if the latter then the info is kept private. I think good arguments exist on both sides so how the EU privacy laws actually will work is probably murky right now.

    As far as keeping the registration generally private as a matter routine, I see no real reason to object. The only issues would be what situations would allow someone to get access to the registration and who has the authority to grant the access. For ICANN, they need to get their heads out of their arses and smell the roses.

  15. Anonymous Coward
    Anonymous Coward

    Couple of bits

    (mostly so I can have a go at being comment 53 on the story)

    1. Intellectual property lawyers - ok, happy to listen to their concerns once they suggest a meaningful way to manage patent trolls (one that includes direct, personal sanctions against the attorneys representing a troll)

    2. Why not give ICANN a set of duties - they can hold the information, but anything they make public must be accurate at all times, they are responsible for any abuse, and must provide the domain registrant, free of charge and on demand, the identity of everyone doing a whois lookup that contains personal information? Impossible barriers, but whois is not a necessary part of DNS anymore than a published phone book is a necessary part of a mobile network ....

  16. John Stirling

    Trouble both ways

    Whilst whois is not a necessary part of dns, attribution is a necessary part of freedom of speech. If I'm a local business called xxxx then having someone register xxxxareabunchofcocks.com is a nuisance, and with having no register of ownership I have to prove criminal infringement rather than merely damages (a civil matter) to get the name of the tosser who's trying to defame me.

    Without a name then I have no hope beyond the oh so marvellous, timely, and effective dispute resolution rules which will utterly fail me unless I'm a) a huge lawyered up entity, or b) able to show I should actually take control of xxxareabunchofcocks.com, which I won't be able to do since it isn't passing itself off as me.

    So I understand the privacy thing, but it shouldn't provide a right to complete civil anonymity without recourse.

    1. Charles 9

      Re: Trouble both ways

      Bit what if the spoof site can demonstrate a legitimate beef, making it a protest site which offers more protection?

      See, it can cut both ways, and there is some unfortunate overlap, meaning collateral damage is inevitable, so which direction would you prefer government to err?

  17. Anonymous Coward
    Big Brother

    The Whois system publishes every domain name registrant

    "The Whois system, which publicly publishes the name, address, email and telephone number of every domain name registrant"

    Except when people use a DNS anonymising service such as Domains by Proxy. Except DBP will give up your details if you become in a commercial dispute. ref

  18. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like