Re: [ga] A story about Whois and privacy

["Richard Henderson" <richardhenderson@ntlworld.com>]

As Leah and I have pointed out (separately) several times on this list, the
public disclosure of personal details in the WHOIS can endanger life and
intimidate people.

Anyone who has, for example, been seriously stalked will know the fear and
heart-wrenching pressure you can be exposed to, and I think it is wholly
unacceptable to have any policy which insists on publication of personal
details.

As a result of a determined female stalker with a psychiatric history and
obsessive personality, my family and I moved home and have had an
ex-directory telephone number for 9 years. The one chink in this armour is
the existence of our details on WHOIS files, which leaves me feeling exposed
(though I have formed a judgement that the person in question is unlikely to
be computer literate).

Other people may be less lucky.

I know there are some registrars who will mask your details for you, and I
think that is absolutely necessary. I believe that WHOIS details (perhaps
apart from e-mail address) should be kept private, retained only on a secure
list, where people can obtain the details only on the basis of a court
order. If people wish to disclose their personal details on the WHOIS files,
fine. But what is not acceptable is that people's right to privacy (and
right to safety) should be jeopardised.

If someone abuses their domain name rights (eg by perpetrating fraud or
misrepresentation to the financial harm of others) of course the injured
parties should have legal recourse and police should be allowed legal access
to details if a judge agrees.

But most domain name registrants are just going about their daily lives
legally and decently. Their details should not be published on the WHOIS
files unless they want them to be.

Sincerely,

Richard Henderson



----- Original Message -----
From: Vittorio Bertola <vb@bertola.eu.org>
To: <ga@dnso.org>
Sent: Sunday, May 18, 2003 11:17 AM
Subject: [ga] A story about Whois and privacy


> A few days ago, I was watching one of my favourite TV shows here in
> Italy, and they were showing the following story.
>
> Some people had told the journalists of the show about a very peculiar
> online cheat: they had found a .com site advertising sex nights with
> very beautiful women (photos included) at the cost of several hundred
> Euros (even thousands in some cases). By calling the telephone numbers
> found on the site, they were told that they would have to pay in
> advance half of the money to get the "date". Money had to be paid to a
> given person and postal address through the payment system of the
> Post. But of course, when the people paid they never got anything back
> - the postal address on the payment bill was fake and by calling back
> the website owners they were only getting mocked. (And you can imagine
> that these "customers" weren't eager to go to the police to tell the
> whole story.)
>
> However, the journalist tried a WHOIS search on the domain, and he
> found the same name as on the payment bills - but this time with the
> real address! Thanks to WHOIS, he was able to get back to the owner of
> the domain. But to his surprise, he discovered that the owner was a
> mentally handicapped person living on minimal State subsidies. In the
> end, it came out that the true inventors of the fraud had exploited
> this person, convinced him to let them have his personal documents,
> and used these documents to register the domain and to collect the
> money at the Post office. The police was finally called and these
> people were caught.
>
> Now, apart from any judgement on suppliers and customers of this
> peculiar form of e-commerce, and giving for granted that everything
> was true and reported precisely, you may take different conclusions
> from this story.
>
> It is true that the people were found thanks to WHOIS, and that for
> the "customers" it could have been the only way to get back to the
> people behind the service. But it is also true that the police would
> have been able to do the same in a minute even without public WHOIS
> (either by a private access to WHOIS data, or by tracking down
> telephone numbers, or by looking for the name of the person). And what
> if, rather than by a journalist, the WHOIS search had been made by an
> angry customer? He could have ended chasing up or menacing the wrong
> person.
>
> So, personally, I take it as an indication that cases of "identity
> theft" are getting more and more common, and that some action should
> be taken; and that there should be a quick way to get back to domain
> owners in case of crimes, but it should not be accessible to everyone
> without control.
> --
> vb.                  [Vittorio Bertola - vb [at] bertola.eu.org]<---
> -------------------> http://bertola.eu.org/ <-----------------------
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
>

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html