Login
Login

domain privacy

{{Short description|Domain name registrar service}}

Domain privacy (often called Whois privacy) is a service offered by a number of domain name registrars.{{Cite journal|last=Elliott|first=Kathryn|title=The who, what, where, when, and why of WHOIS: Privacy and accuracy concerns of the WHOIS database|journal=SMU Sci. & Tech. L. Rev.}} A user buys privacy from the company, who in turn replaces the user's information in the WHOIS with the information of a forwarding service (for email and sometimes postal mail, it is done by a proxy server).

Level of anonymity

Registrars typically collect personal information to provide the service. Some registrars take little persuasion to release the so-called 'private' information to the world, requiring only a phone request or a cease and desist letter.{{Cite web| title=Private domains not so private? | publisher=CNET News.com | date=2005-08-15 | access-date=2016-02-03 | url=http://www.cnet.com/uk/news/private-domains-not-so-private/ }}{{Cite web| title=More on Domains By Proxy | author=Thomas Roessler | date=2003-04-15 | url=http://log.does-not-exist.org/archives/2003/04/15/299_more_on_domains_by_proxy.html }}{{Cite web | title=proxy fight [Domains-by-proxy update] | author=Wendy Seltzer | date=2003-04-11 | access-date=2008-06-16 | url=http://wendy.seltzer.org/blog/archives/2003/04/11/proxy_fight_domains_by_proxy_update.html | url-status=dead | archive-url=https://web.archive.org/web/20080605230455/http://wendy.seltzer.org/blog/archives/2003/04/11/proxy_fight_domains_by_proxy_update.html | archive-date=2008-06-05 }} Others, however, handle privacy with more precaution, using measures including hosting domain names offshore and accepting cryptocurrencies for payment so that the registrar has no knowledge of the domain name owner's personal information (which would otherwise be transmitted with credit card transactions). It is debatable whether or not this practice is at odds with the domain registration requirement of the Internet Corporation for Assigned Names and Numbers (ICANN).

=Privacy by default=

Some top-level domains have privacy caveats:

  • .al: No information about the owner is disclosed.
  • .at, .co.at, .or.at: Since May 21, 2010, contact data (defined as phone number, fax number, e-mail address) is hidden by the registrar and must be explicitly made public.{{Cite web | title=Change of nic.at Whois policy | author=nic.at GmbH | author-link=Nic.at | date=2010-05-21 | access-date=2014-05-05 | url=http://www.nic.at/en/uebernic/current_issues/nicat_news/news_view/article//aenderung-der-whois-policy-bei-nicat/ | archive-url=https://web.archive.org/web/20140606215347/http://www.nic.at/en/uebernic/current_issues/nicat_news/news_view/article//aenderung-der-whois-policy-bei-nicat/ | archive-date=2014-06-06 | url-status=dead }}
  • .ca: Since June 10, 2008, the Canadian Internet Registration Authority no longer posts registration details of individuals associated with .ca domains.
  • .ch and .li : Since 1st January 2021 Whois information is private by default and can be obtained only in limited cases{{Cite web|title=Information service - Lookup - Internet Domains|url=https://www.nic.ch/whois/domaininfo/|access-date=2021-01-30|website=www.nic.ch}}
  • .de: Since May 25, 2018, the German Internet Registration Authority denic put extensive changes into force for the Whois Lookup Service. With a few exceptions, third parties can no longer access domain ownership data.{{Cite web|url=https://www.denic.de/en/whats-new/press-releases/article/denic-putting-extensive-changes-into-force-for-de-whois-lookup-service-as-of-25-may-2018/|title = DENIC Putting Extensive Changes into Force for .DE Whois Lookup Service by 25 May 2018}}
  • .eu: If the registrant is a natural person, only the e-mail address is shown in the public Whois records unless specified otherwise.{{cite web| title= .eu domain name WHOIS policy| access-date=2016-04-29 | author=EURid| url=https://eurid.eu/en/other-infomation/whois-policy}}
  • .fi: Individual persons' data is not published (changed in 2019), but for companies, associations, etc., data is published.
  • .fr: By default, individual domain name holders benefit from the restricted publishing of their personal data in the AFNIC public Whois.{{cite web| title= AFNIC Data publication and access policy| access-date=2017-06-26 | author=AFNIC| url=https://www.afnic.fr/en/resources/reference/registry-policies/data-publication-and-access-policy-1.html}}
  • .it: Contact data of individuals is not published unless consent is given explicitly. For companies, data is always published. Proxy services are not allowed.{{Cite web |date=2022-05-30 |title=La politica del Registro .it sul Database dei Nomi Assegnati (DBNA) e sul servizio WHOIS |url=https://www.nic.it/sites/default/files/documenti/2022/Whois_policy_v_2_2.pdf |website=NIC.it}}
  • .gr: No information about the owner is disclosed.
  • .is: May hide address and phone number.
  • .nl: Since January 12, 2010, registrant postal addresses are no longer publicly available.{{cite web|url = http://tweakers.net/nieuws/64894/sidn-anonimiseert-whois-gegevens.html|title = SIDN anonimiseert whois-gegevens|last1 = Van Miltenburg|first1 = Olaf|date = 12 January 2010|language = nl|trans-title=SIDN anonymizes whois data|access-date = 4 September 2014|website = Tweakers}}{{cite web|url=http://www.sidn.nl/ace.php/c,728,6253,,,,SIDN_implements_Whois_changes_from_12_January_2010.html|title=SIDN implements Whois changes from 12 January 2010|date=1 January 2010|publisher=SIDN|archive-url=https://web.archive.org/web/20100129030637/http://www.sidn.nl/ace.php/c,728,6253,,,,SIDN_implements_Whois_changes_from_12_January_2010.html|archive-date=29 January 2010|access-date=4 September 2014}}
  • .ovh: Contact data is hidden by the registrar and must be explicitly made public.
  • .uk: Nominet, the guardian of UK domain namespace, provide domain privacy tools on their extensions (.co.uk, .me.uk etc.), providing that the registrant is not trading from the domain name.{{Cite web| title=Nominet WHOIS Opt Out | author=Nominet | url=http://www.nominet.org.uk/uk-domain-names/about-domain-names/domain-lookup-whois/opt-out }} While the home address of the registrant can be hidden, the full name cannot.
  • .ro: No information about the owner is disclosed.{{Citation needed|reason=Empiric evidence says some domains show the owner data. A source is needed for either claim|date=May 2023}}

=Privacy forbidden=

  • .br: As of April 2022, the domain registration contract{{Cite web |last=NIC.BR |first=Núcleo de Informação e Coordenação do Ponto BR |date=April 25, 2022 |title=Contrato para registro de nome de domínio sob o ".br" |trans-title=Contract for registration of domain name under ".br" |url=https://registro.br/dominio/contrato/#:~:text=III.%20estar%20ciente%20de%20que%20parte%20dos%20dados,pa%C3%ADs%2C%20dados%20do%20contato%20titular%20e%20do%20contato%20t%C3%A9cnico. |website=registro.br |language=Portuguese |quote=III. estar ciente de que parte dos dados informados pelo REQUERENTE no momento de requisição de registro de nome de domínio ficarão disponíveis à consulta pública por meio do serviço de diretório do REGISTRO.br. Esses dados são publicados para permitir a identificação dos responsáveis pelos domínios registrados sob o ".br", de forma a garantir a transparência na atividade de registro e a responsabilização daqueles que utilizarem esse recurso de forma abusiva, tornando a Internet mais segura e a sua governança mais transparente a toda sociedade. a) Para domínios de titularidade de pessoa jurídica serão publicados o nome empresarial, número do CNPJ, país, nome do responsável, endereço, telefone, dados do contato titular e do contato técnico. b) Para domínios de titularidade de pessoa física, serão publicados o nome, CPF, país, dados do contato titular e do contato técnico.}} requires the publication of name, email, country, and CPF number for all domains. Additionally, if the domain owned by a company, the company's phone number, address, and CNPJ number must also be public. Access to some of these details requires passing a CAPTCHA at [http://whois.registro.br/ whois.registro.br].
  • .us: In March 2005, the National Telecommunications and Information Administration (NTIA) said that owners of .us domains will not have the option of keeping their information private, and that it must be made public.{{Citation needed|date=July 2024}}
  • .in: Registrants for Indian domain names may not use any proxy or privacy services provided by registrars.{{Cite web| author=Registry.in | title=Terms and Conditions for registrants | url=https://registry.in/system/files/Terms_and_Conditions_for_Registrants_1_0.pdf }}
  • .au: Any Australian domain names ends with .au is forbidden from privacy due to the law. While most of the information are public, some of the information such as the street address, telephone and fax numbers of registrant is hidden.{{cite web |url=https://www.domainregistration.com.au/infocentre/info-private-registration.php |title = Domain Privacy and Australian Domain Names {{!}} Domain Registration AU}}

Implications

The Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires the mailing address, phone number, and e-mail address of those owning or administrating a domain name to be made publicly available through the "WHOIS" directories. However, that policy enables spammers, direct marketers, identity thieves, or other attackers to use the directory to acquire personal information about those people. Although ICANN has been working to change WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.{{cite web|title=The Privacy Conundrum in Domain Registration|url=http://www.actnowdomains.com/the-privacy-conundrum-in-domain-registration.htm|publisher=Act Now Domains|access-date=26 March 2013|archive-date=7 March 2023|archive-url=https://web.archive.org/web/20230307052709/http://www.actnowdomains.com/the-privacy-conundrum-in-domain-registration.htm|url-status=dead}} However, with the offer of private registration from many registrars, some of the risk has been mitigated.

Researchers in the industry have worked on improving the design of the domain name system, in order to reduce the likelihood of attackers compromising the infrastructure. They have done so by allowing for varying options and adjusting the guidelines of how they operate.{{Cite journal |last=Khormali |first=Aminollah |last2=Park |first2=Jeman |last3=Alasmary |first3=Hisham |last4=Anwar |first4=Afsah |last5=Saad |first5=Muhammad |last6=Mohaisen |first6=David |date=2021-02-11 |title=Domain name system security and privacy: A contemporary survey |url=https://www.sciencedirect.com/science/article/pii/S1389128620313001 |journal=Computer Networks |volume=185 |pages=107699 |doi=10.1016/j.comnet.2020.107699 |issn=1389-1286|arxiv=2006.15277 }}

Litigation

With the help of "private registration", the service can be the legal owner of the domain. This has occasionally resulted in legal problems. Ownership of a domain name is given by the organization name of the owner contact in the domain's WHOIS record. There are typically four contact positions in a domain's WHOIS record: owner, administrator, billing, and technical. Some registrars will not shield the owner organization name in order to protect the ownership of the domain name.{{Cite web|title=1 Introduction & Background to Whois {{!}} Generic Names Supporting Organization|url=https://gnso.icann.org/en/issues/whois-privacy/tf-report-15mar06.htm#|access-date=2021-04-20|website=gnso.icann.org}}

There has been at least one lawsuit against Namecheap, Inc. for its role as owner/registrant;{{cite web |url=http://randazza.files.wordpress.com/2009/05/solid-host-v-namecheap.pdf |title=SolidHost v Namecheap}} Namecheap lost its motion to dismiss. Silverstein v. Alivemax, et al. Los Angeles Superior Court Case Number BC480994 was dismissed in May 2014.{{Cite web|url=https://www.lacourt.org/casesummary/ui/|title=Case Summary - Online Services - LA Court|website=www.lacourt.org|access-date=2018-08-13}} Silverstein is well known for his anti-spam and email privacy campaigns, most notably in the case of William Silverstein v Keynetics, Inc., No. 17-15176 (9th Cir. 2018), but this was decided for Keynetics in March 2018.{{Cite news|url=https://www.lawteacher.net/cases/silverstein-v-keynetics.php|title=Silverstein v Keynetics, Inc|access-date=2018-08-13|language=en}}

Ownership of domains held by a privacy service was also an issue in the RegisterFly case, in which a registrar effectively ceased operations and then went bankrupt. Customers encountered serious difficulties in regaining control of the domains involved.{{cite web|url=http://www.cbronline.com/news/anger_and_fear_as_domain_firm_slowly_implodes|title=Anger and fear as domain firm slowly implodes|work=Computer Business Review|date=February 21, 2007|access-date=December 11, 2013}} ICANN has since remedied that situation by requiring all accredited registrars to maintain their customers' contact data in escrow. In the event a registrar loses its accreditation, gTLD domains, along with the escrowed contact data, will be transferred to another accredited registrar.{{citation needed|date=July 2017}}{{Cite journal|last=Elliott|first=Kathryn|date=2009|title=The Who, What, Where, When, and Why of WHOIS: Privacy and Accuracy Concerns of the WHOIS Database|url=https://cpb-us-w2.wpmucdn.com/smulawjournals.org/dist/8/7/files/2018/11/4_The-Who-What-Where-When-and-Why-of-WHOIS_-Privacy-and-Accurac.pdf|journal=Science and Technology Law Review|volume=12|access-date=2020-10-30|archive-date=2023-03-29|archive-url=https://web.archive.org/web/20230329192904/https://cpb-us-w2.wpmucdn.com/smulawjournals.org/dist/8/7/files/2018/11/4_The-Who-What-Where-When-and-Why-of-WHOIS_-Privacy-and-Accurac.pdf|url-status=dead}}

See also

References

{{Reflist}}

External links

  • {{cite web|url=https://www.wired.com/2005/03/domain-owners-lose-privacy/|title=Domain owners lose privacy|last=Zetter|first=Kim|publisher=Wired|date=4 March 2005}}

{{DEFAULTSORT:Domain Privacy}}

Category:Domain Name System

Category:Internet privacy