[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ga] Privacy and Whois databases


With tools I am pretty sure the market will respond and to find a way out. 

>How do you contact the operator of a web site whose DNS has been hijacked
>by a pornography site?

I was envising a system, pretty much like buying a domain name - go to the
site of the firm holding whois information, agree to the agreement, pay
nominal fee by verifiable means (credit card/your account with them) and see
the information right away. I was relying on similar verifying mechanism as
in domain name purchase rather than certificate.

>How is the data maintainer going to cover or recover his costs?

From the nominal fee lots of us pay.

-----Original Message-----
From: Peter Veeck
To: Srikanth Narra
Cc: ''ga@dnso.org ' '
Sent: 10/16/99 9:20 PM
Subject: Re: [ga] Privacy and Whois databases

My argument is that there are pitifully few tools available to address
network abuse, and operational problems.  The registry databases are a
tool for
that use.  If your remove them you are removing a piece of the network
operational structure and must replace it with something. How do you
contact the
operator of a web site whose DNS has been hijacked by a pornography
Presently you go to the whois and get the phone number of the
administrator.  If
you have to go through a process of certification for access, by email
or snail
mail you create an unacceptable delay. If you set up prior
certification, you
create an extremely large pool of access to the database  which will be
different than the current system.  How is the data maintainer going to
cover or
recover his costs?  If he is consistent with existing databases it
becomes a
profit center.  Affluent organization can obtain the data.  You only cut
access for the individual and non-profit.  Have there not been enough
to business interests already? I offered a solution, tongue in cheek
that an enforcement division be established and rejected this personally
in favor
of the current system.  The current system requires that a tenet of the
access to information, be observed. There are other solutions.  RFCs can
written to require that all mail programs be secure and the messages all
traceable.  We must bear in mind that RFC compliance is voluntary and
there is no
one enforcing compliance.  What I ask, is not to remove a tool for
administration without either replacing it with another or eliminating
the need
for that tool.  Being listed in at least three registry databases I
the problem of privacy.  Being a network and server administrator I want
to keep
the system working.

Peter Veeck

Srikanth Narra wrote:

> Jeff/Peter
> Maybe I miss your point a bit. My apologies -bear with me a bit more.
> information is currently avaliable freely and instantly at finger tips
> abuse today.
> The way I see it, under my proposal, we are providing a means for a
> legitimate liable business firm to come forward and protect the
> free of cost or at negligible cost to us by means of a workable
> model.
> The firms will have to follow all the privacy laws that apply in real
> (in the country they are incorporated in).
> As well as - with the strides EU is making with regards to privacy and
> demands they are placing on overseas companies with regards to
> about their citizens - in return for allowing for companies to operate
> smoothly in their countries and/or other wise in various trade
> And possibilites of other countries taking the lead from that. (in the
> countries the citizens reside as well).
> The firms should be expected to have a fairly large sum of amount in
> - initial deposit as well as certain percentage of fees - to pay for
> in case of violations.
> Users can resort to courts if they see a preceived violation. States
> always resort to international courts/mechanisms, etc over percived
> violations of their right over their citizens information.
> Personally I feel a whole lot more comfortable letting the courts /
> governments beat the firms into evolving in a better manner and
> rather than giving more powers or duties to ICANN.
> User benefits in different scenarios :-
> >From Spammers angle - The user has records of who made the request
for his
> information. Possibily a contract between the firm giving information
> the user who took the information - binding the information seeker -
> information would not be used for spamming and any other purposes than
> stated. For a nominal amount you get information to service the
> who spammed you. This in itself should make spammers task more
> >From Stacker angle - The instant email gives you a early alert at the
> >From Political persecution - The instant email gives the user a early
> warning to seek shelter at the least. With all the holocaust and other
> payments going on, I am sure the firms will do all they can - in a
> and legal manner with regards to the rights of country over
information in
> their citizens as well as avoiding becoming a accesory in persecution
of a
> individual.
> Can you put in a easy example model which of these above would be
worst of
> than the users are now.
> Also one thing I would like to state is with whois records - their is
a huge
> burden on individuals to keep the records in whois current at all
times or
> risk losing the domain ,possibily, under most unreasonable/filmsy of
> circumstances (eg:-aolsearch.com would make a interesting example).
> Sri
> -----Original Message-----
> From: Jeff Williams
> To: Srikanth Narra
> Cc: 'Peter Veeck '; 'Mark C. Langston '; 'ga@dnso.org '
> Sent: 10/16/99 5:07 AM
> Subject: Re: [ga] Privacy and Whois databases
> Sri and all,
>   My only comments are that this basically puts someone's privacy
> up for sale at a fixed price no less.  And that if I find that any of
> regarding any of our DN is sold in this or any other manner the
> responsible parties can expect to be served immediately.
> Srikanth Narra wrote:
> > Peter
> >
> > This proposal, if any thing, should act to everyone's advantage in
> fighting
> > spam.
> >
> > 1. It becomes prohibitively expensive for a spammer to get (or
> revalidate
> > your information if you change it) from whois database as they have
> pay
> > on a domain by domain basis giving valid reason (however filmsy) for
> > obtaining your details. The records of such requests exist with the
> > register.
> >
> > 2. Becomes (hopefully) easier for registers to spot someone mining
> whois
> > for spamming purposes  - as they will have to make fairly number of
> > requests. At the least complicates spammer's methods to gather
> information
> > as they will have to use multiple identities, etc (remember
> means
> > of payment).
> >
> > (maybe we can even suggest some guidelines for registers to request
> for a
> > additional safety deposit from someone requesting too large a number
> of
> > records like couple of thousand - for legal defence or compensation
> purposes
> > - to be release back to requester after a certain time lapse)
> >
> > 3. Gives you a advance notice that someone is trying to lookup your
> records
> > and  why, (automatically and free of cost email to your email
> -
> > unlike credit bureaus where you have to request for such
> -
> > giving you a chance to notify register if you suspect its a spammer.
> or take
> > precautions if its a potential stacker or political/religious
> persecuter.
> >
> > 4. As far as change from present system - from your additional
> > perspective - all that has changed to is, you having to pay nominal
> fee
> > (just like a spammer would) to enquire the spammers records. All
> legal
> > and other options remain intact  - nothing else changes from present
> day. A
> > fair price for the little bit more sanity, peace of mind and
> safety
> > - is it not ?
> >
> > Best of all nobody ICANN or anyone gets additional powers or
> juridiction and
> > is a market based solution.
> >
> > comments ?
> >
> > Sri
> > -----Original Message-----
> > From: Peter Veeck
> > To: Mark C. Langston
> > Cc: ga@dnso.org; Srikanth Narra
> > Sent: 10/15/99 10:19 PM
> > Subject: Re: [ga] Privacy and Whois databases
> >
> > "Mark C. Langston" wrote:
> >
> > > On 15 October 1999, Srikanth Narra <snarra@talus.net> wrote:
> > >
> > > >May be we can take a clue from the way credit files are kept in
> > and use
> > > >the same model.
> > > >
> > > >The whois records stay private with register. Anyone wants to
> a
> > look at
> > > >them pays a nominal amount by verifiable means like credit card
> a
> > check
> > > >for the privileage to see the information. (that should cover the
> > registers
> > > >expenses for keeping the records private and to fend the
> >
> > I use whois to fight spam abuse.  Are  Spam complaints going to be
> taken
> > over by
> > ICANN or a subset thereof?
> >
> > Peter Veeck
> Regards,
> --
> Jeffrey A. Williams
> Spokesman INEGroup (Over 95k members strong!)
> CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
> Information Network Eng. Group. INEG. INC.
> E-Mail jwkckid1@ix.netcom.com
> Contact Number:  972-447-1894
> Address: 5 East Kirkwood Blvd. Grapevine Texas 75208