Privacy with Domain Registration

In the world of getting online with your domain, the world is becoming increasingly difficult with registration of your domain and what options are available to you to protect your privacy. When registering your domain via a registrar like Godaddy or Bluehost, the registrar will send information to the central organization ICANN, who in turn validates with your provided credentials via email, you must do this within 15 days. If not, you may loose the domain. In turn ICANN also publishes provided information to the WHOIS database, leaving private information for anybody to grab, flood your email with SPAM and hackers, services companies to bother you.

At this time you have no way to opt in or out to protect your privacy. It is unbelievable to have to pay for privacy protection via your registrar. It is time we streamline this process to protect your privacy without putting phoney registrations of domains in place. We suggest you read options below, so you are better informed on domain registration , privacy and thoughts by others on this matter. Enjoy the information and reading!

Domain Registration

In 1993, the U.S. Department of Commerce, in conjunction with several public and private entities, created InterNIC to maintain a central database that contains all the registered domain names and the associated IP addresses in the U.S. (other countries maintain their own NICs (Network Information Centers) -- there's a link below that discusses Canada's system, for example). Network Solutions, a member of InterNIC, was chosen to administer and maintain the growing number of Internet domain names and IP addresses. This central database is copied to Top Level Domain (TLD) servers around the world and creates the primary routing tables used by every computer that connects to the Internet.

Each ICANN-accredited registrar, like Godaddy, Bluehost and others. must pay a fixed fee of US$4,000 plus a variable fee. The sum of variable registrar fees is intended to total US$3.8 million. The competition created by the shared registration system enables end users to choose from many registrars offering a range of related services at varying prices.

Domain privacy

Is a service offered by many of domain name registrars. A user buys privacy

from the company, who in turn replaces the user's info in the WHOIS with the info of a forwarding service (for email and sometimes postal mail, done by a proxy server).

Implications

The Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires that the mailing address, phone number and e-mail address of those owning or administrating a domain name be made publicly available through the "WHOIS" directories. However, that policy enables spammers, direct marketers, identity thieves, or other attackers to use the directory for personal information about those people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.However, with the offer of private registration from many registrars, some of the risk has been mitigated.

Litigation

With "private registration", the private registration service can be the legal owner of the domain. This has occasionally resulted in legal problems. Ownership of a domain name is given by the organization name of the owner contact in the domain's Whois record. There are typically four contact positions in a domain's Whois record, Owner, Administrator, Billing, and Technical. Some registrars will not shield the Owner organization name to protect the ownership of the domain name.

Ownership of domains held by a privacy service was also an issue in the RegisterFly case, in which a registrar effectively ceased operations and then went bankrupt. Customers encountered serious difficulties in regaining control of the domains involved.ICANN has since remedied that situation by requiring all accredited registrars maintain their customers' contact data in escrow. In the event a registrar loses its accreditation, gTLD domains along with the escrowed contact data will be transferred to another accredited registrar.

There have been several lawsuits against NameCheap, Inc. for its role as owner/registrant. See http://randazza.files.wordpress.com/2009/05/solid-host-v-namecheap.pdf and in Silverstein v. Alivemax, et al. Los Angeles Superior Court Case Number BC480994.

ICANN's War On Whois Privacy

If you follow internet governance issues at all, you know that ICANN is a total freaking mess. It's a dysfunctional organization that has always been dysfunctional, but remains in charge because of the lack of any reasonable alternatives. ICANN frequently seems to be driven by powerful interests that are just focused on squeezing as much money as possible out of the domain system, and appears to have little appetite for being what it should be: an independent body protecting the core of the internet. As if to put an exclamation point on that, it appears to now be going to war against basic privacy. Here are two separate, but somewhat related, examples. 

First up, we have EasyDNS, who last month didn't beat around the bush in explaining just how ridiculous ICANN's new Whois Accuracy Program (WAP) is. The company noted that it regretted renewing its ICANN accreditation, even though it's necessary to register domain names. As EasyDNS notes, the whole WAP program is insane, and is almost designed to force domain owners to lose their domains -- especially if they want to keep a modicum of privacy. Under the program any time you change or renew your domains, you now will get an email requiring you to "verify" your whois data. As EasyDNS notes, since it's an email, it's designed in a way that looks very much like a phishing attempt, meaning many domain holders will ignore it. And if you ignore it... within 15 days, your registrar is supposed to suspend your domain. That program went into effect yesterday, and I imagine it won't be long before we hear the shrieks of pain as it impacts website owners. As EasyDNS notes:

You can thank ICANN for this policy, because if it were up to us, and you tasked us with coming up with the most idiotic, damaging, phish-friendly, disaster prone policy that accomplishes less than nothing and is utterly pointless, I question whether we would have been able to pull it off at this level. We're simply out of our league here.

But, that's not all! The good folks at Namecheap (who have sponsored us in the past here on the blog) have sent out an alarm (along with the EFF and Fight for the Future) over another proposal from ICANN concerning privacy and proxy services that many domain owners use to keep their information private. This is necessary these days, in part, because as anyone who owns a domain knows, that information gets scraped and you get spammed. A lot. And also, sometimes, people say things on the internet that they want to be anonymous in saying. And proxy services help you do that. But ICANN is effectively trying to kill that. Namecheap has put together the site RespectOurPrivacy.com to explain the issue and to ask people to tell ICANN to reject this proposal -- which was put together by MarkMonitor. Yes, MarkMonitor, the company famous for being engaged in all sorts of bogus censorship and takedown requests:

Under new guidelines proposed by MarkMonitor and others who represent the same industries that backed SOPA, domain holders with sites associated to "commercial activity" will no longer be able to protect their private information with WHOIS protection services. "Commercial activity" casts a wide net, which means that a vast number of domain holders will be affected. Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website? 

We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.

That site has more info and shows you how to contact ICANN to protest this move. 

You can also look directly at the proposal itself, which notes that this view is not universal and there is disagreement over where the final rules will end up, but some have argued that:

"domains used for online financial transactions for commercial purpose should be ineligible for privacy and proxy registrations."

If MarkMonitor's involvement didn't tip you off, this is really a proposal of Hollywood who hates the fact that people can be anonymous online. It was presented to Congress last month by Steve Metalitz under the guise of the "Coalition for Online Accountability" -- a "coalition" made up of the MPAA, RIAA, ESA and SIIA (all copyright extremists). If you recognize Metalitz's name, it's because it's come up before. He's one of the entertainment industry's favorite lawyers, who helped push ACTA, SOPA and other bad copyright proposals. And now suddenly he's "concerned" about online accountability? Really? The main goal of the proposal is to destroy anonymity online by only allowing it in cases Hollywood approves of. In his presentation, Metalitz noted that there is only a "legitimate role for proxy registrations in limited circumstances." Have you applied for your special license to be anonymous yet? The MPAA and ICANN need to approve it first... 

Hopefully ICANN backs away from these plans and starts to get its act together. ICANN could and should be a powerful force in favor of an open internet with strong privacy protections -- and not encouraging programs that require giving up your privacy just to have a domain name.