North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: no whois info ?

  • From: Rich Kulawiec
  • Date: Sun Dec 12 12:44:07 2004

I'm going to try to keep this short, hence it's incomplete/choppy.  Maybe
we should take it to off-list mail with those interested.

On Sat, Dec 11, 2004 at 10:06:10PM -0700, Janet Sullivan wrote:
> Great!  So, if you are a vulnerable minority, don't use the internet. 

I said precisely the opposite.

	This _in no way_ prevents anyone from doing things
	anonymously on the Internet: it just means that they can't
	control an operational resource, because that way lies madness.

And anyone who *is* a vulnerable minority should avoid doing this (that
is, deliberately exposing themselves by controlling an operational
resource) at all costs, because it self-identifies and instantly
compromises the very privacy they seek/need/want.

This doesn't stop anybody from doing anything they want online --
*except* controlling those resources, which is, like I said earlier,
is one of the very last things they should want to do if they're truly
concerned about their privacy.

And the other side of it is: I don't think an Internet with anonymous people
controlling operational resources is workable.

> OK, how many anonymous domains (ala domainsbyproxy) have you been unable 
> to contact? 

I *never* attempt to contact the owners of a domain which appears to be the
source of abuse, anonymous or otherwise.   It's a complete waste of time.
I use the means at my disposal to ascertain whether it's really them (which,
99% of the time, is blindingly obvious) and then act accordingly.  In the
remaining 1% of the cases, where substantial doubt remains, I note it and
await further developments.  Sometimes those further developments include
reports/claims of joe-jobs; sometimes they include clinching proof (either
way) that eluded me; sometimes they're not forthcoming for a very long time.

<shrug>  So be it.  But I learned long ago that (modulo some very rare cases)
the only thing that can come out of contacting said domain owners is possible
disclosure of the means by which the abuse was detected, and the fact that
it _has_ been detected, and that's not a good thing.

> But, I get less spam, and MUCH less snail mail, with anonymous registrations.

Today, perhaps.  Do you really think it's going to stay that way?  Surely
you must know that eventually the spammers WILL get their hands on your
"private" domain registration data, WILL use it to spam -- and oh-by-the-way
will also make a tidy profit doing a side business in selling it to anyone
with cash-in-hand?

C'mon, these are people with bags of money to spend.  Do you *really* think
that the underpaid clerk at J. Random Registrar is going to turn down $50K
in tax-free income in exchange for a freshly-burned CD?  And of course, once
the data's in the wild, it's not like those who are selling it will balk at
providing it to customers who have serious axes to grind.

Or if you want to believe in the fiction of 100% trustworthy registrars,
what happens when one of their [key] systems is zombie'd?  Or when somone
figures out how to hijack one of the data feeds and snarf all the brand-new
domain data as soon as it's created?

There is a market for this data.  Therefore it will be acquired and sold.

And attempts to maintain the pretense that it's otherwise -- while no doubt
inflating the profits of those peddling "anonymous" registration -- are
disengenuous, and in the long run, potentially very damaging, with the extent
of the damage perhaps proportional to the degree on which people rely on it.
(More bluntly: some people are going to be burned very badly by this.  And
the subsequent inevitable litigation won't undo it.)

> I agree.  But why should it matter if you know the name of the person 
> controlling an operational resource if they are responsible net citizens?

Maybe, but I think where we differ is that I strongly believe that responsibility
(for operational resources) _requires_ public identification.

[ Oh: please note: content is not an operational resource.  F'instance, I have
no problem, for instance, with someone running a blog anonymously.  I have a
serious problem with someone running a network anonymously. ]