How long until “Whois” dies?

ICANNThe Whois service, which reveals the identity of Web site owners, could soon be a thing of the past.

The service, even if highly useful to many, has been highly criticized by privacy advocates, who say individuals should have the right to remain anonymous on the Web.

I have to say that I use the service quite often, mostly to track and contact people who steal content from [GAS]. Most of the time, these people leave no contact information on their Web site, so Whois is often the only way to get in touch with them.

The Whois database falls under the responsibility of the ICANN, the organization responsible for managing domain names on the Web. Last Wednesday, ICANN called a meeting to analyze whether or not they should disband the service. Unfortunately, even after 7 years of debate, it was decided further discussions were needed before a decision could be taken.

So with this debate in mind, here’s a question for you readers: Do you think a service such as Whois is a necessary evil on the Web? The comments section is open and we’re eagerly waiting to know your opinion on the matter.

Advertisement





19 Responses to How long until “Whois” dies?

  1. I kept hearing about a threat to "kill" whois, but no one has come up with any other alternate.

    The whois information is critical when it comes to information security and I find it difficult to envision what anyone would do without it.

    • Yeah, but as a website owner, I don't appreciate that my personal info can be available to the public, that's why I'm paying a monthly fee (about $1.50) to keep the details private. If someone wants to contact me, they have to pass through a third-party service…

      There's a contact section on the site anyways.. Maybe one day I'll open a PO box for the site. After this, I'll probably start making the details public.

  2. I kept hearing about a threat to “kill” whois, but no one has come up with any other alternate.

    The whois information is critical when it comes to information security and I find it difficult to envision what anyone would do without it.

    • Yeah, but as a website owner, I don’t appreciate that my personal info can be available to the public, that’s why I’m paying a monthly fee (about $1.50) to keep the details private. If someone wants to contact me, they have to pass through a third-party service…

      There’s a contact section on the site anyways.. Maybe one day I’ll open a PO box for the site. After this, I’ll probably start making the details public.

  3. I definitely see your point, believe me. No blogger should also have to worry about physical threats for what he writes, either. There have been cases where bloggers have been tracked down for what they write, and its a scary thought.

    But in most cases, the website needs to have someone listed who can be accountable for its security. That way if a site is being used to store stolen password files, warez, illegal pr0n, or is an open proxy that allows hackers to use it for DOS or other attacks, the owner can be notified so something can be done about it.

    I think doing away with whois or moving to a completely anonymous system would only help hackers, fraudsters and criminals.

    The only other valid alternative will be a third party certifying agency, kinda what they do with SSL certificates. A third party vouches for your identity for a fee so others on the web will know it is safe to openly communicate with your server. And if you choose to bypass that agency, content filters around the world will happily block your site.

  4. I definitely see your point, believe me. No blogger should also have to worry about physical threats for what he writes, either. There have been cases where bloggers have been tracked down for what they write, and its a scary thought.

    But in most cases, the website needs to have someone listed who can be accountable for its security. That way if a site is being used to store stolen password files, warez, illegal pr0n, or is an open proxy that allows hackers to use it for DOS or other attacks, the owner can be notified so something can be done about it.

    I think doing away with whois or moving to a completely anonymous system would only help hackers, fraudsters and criminals.

    The only other valid alternative will be a third party certifying agency, kinda what they do with SSL certificates. A third party vouches for your identity for a fee so others on the web will know it is safe to openly communicate with your server. And if you choose to bypass that agency, content filters around the world will happily block your site.

  5. I find WHOIS info invaluable to my job. I'm a SysAdmin at a small company, and the whois info lists a contact person for a domain, when the domain expires, and the name servers (DNS servers) for the domain. All three pieces of info are required for me to do my job. I'm fine with anonymized contact info in the domain, as long as when I e-mail that address, or call the phone number, in that record, I get through to someone who is authoritative for the domain.

    Whois info verifies what DNS servers are authoritative for a domain, and helps me to show my company's clients that "no, we aren't doing the DNS hosting for that domain anymore – look here, at the whois info" or simply to tell them, "please contact ABC, Inc. who run the name servers for your domain; they can update the DNS for http://www.xyz.com to point to our servers" and so on.

    So, I think WHOIS is invaluable and necessary. I understand the privacy concerns, and I'm fine with anonymized contact info in the domain, but for business, some valid contact info and the listing for the authoritative name servers are necessary.

  6. Most registrars offer private domain registrations though. So does WHOIS really work anyway? If you whois franzone.com, then all you will find out is that I host with 1&1. If it were a legal matter then I suppose you may be able to get a court order for the real owner of the domain, but for everyday use I don’t think it’s that useful.

  7. I find WHOIS info invaluable to my job. I'm a SysAdmin at a small company, and the whois info lists a contact person for a domain, when the domain expires, and the name servers (DNS servers) for the domain. All three pieces of info are required for me to do my job. I'm fine with anonymized contact info in the domain, as long as when I e-mail that address, or call the phone number, in that record, I get through to someone who is authoritative for the domain.

    Whois info verifies what DNS servers are authoritative for a domain, and helps me to show my company's clients that "no, we aren't doing the DNS hosting for that domain anymore – look here, at the whois info" or simply to tell them, "please contact ABC, Inc. who run the name servers for your domain; they can update the DNS for http://www.xyz.com to point to our servers" and so on.

    So, I think WHOIS is invaluable and necessary. I understand the privacy concerns, and I'm fine with anonymized contact info in the domain, but for business, some valid contact info and the listing for the authoritative name servers are necessary.

  8. Most registrars offer private domain registrations though. So does WHOIS really work anyway? If you whois franzone.com, then all you will find out is that I host with 1&1. If it were a legal matter then I suppose you may be able to get a court order for the real owner of the domain, but for everyday use I don't think it's that useful.

  9. Why do people feel the need to be anonymous on the web? So they can be jerks? If you run a domain, their should be a way to contact you if their is a problem. I understand the problem with people using the whois database to harvest email addresses. The simple solution to that is 20 years in prison for offenders.

  10. Why do people feel the need to be anonymous on the web? So they can be jerks? If you run a domain, their should be a way to contact you if their is a problem. I understand the problem with people using the whois database to harvest email addresses. The simple solution to that is 20 years in prison for offenders.

  11. This is the nuttiest thing I have heard this year. Whois going away for privacy concerns? That is like the phone book going away for privacy concerns. Ridiculous really, and I cannot believe ICANN ever even entertained the idea. You don't want your private registration showing? Check the damn box, or put in less private info. Some method of contact should be absolutely required.

    My 3 cents.

  12. This is the nuttiest thing I have heard this year. Whois going away for privacy concerns? That is like the phone book going away for privacy concerns. Ridiculous really, and I cannot believe ICANN ever even entertained the idea. You don’t want your private registration showing? Check the damn box, or put in less private info. Some method of contact should be absolutely required.
    My 3 cents.

  13. For me, I have one person who has followed me around the web for years and everytime I register and set-up a new blog they always seem to appear, lurking of course, within an hour or two of it going live, even without any kind of announcement. I'm convinced it's all to do with whois.

    I'm not sure why 'normal' people should be privy to that kind of information – or if they are, it should only allow the very basic details: name, state, country, not phone number, inside leg measurement and favourite Kevin Smith film as it does now. :)

    • You mean this:
      http://www.amazon.com/I-Love-Shea-Bennett-Sweatsh

      I know, I shouldn't tease you about being 'internet stalked'. I am sure it can be terrifying somehow for a guy who puts his website address and full name in the comments. Not so hard to find your blog when you post it along with the comment.

      And by the way, no whois that I have ever been to (which is a few hundred) have ever had the ability to search by Personal Name. I think you are mistaken that whois is the chink in your elaborate internet armor. I apologize for sounding like a jackass, but I am. It peaves me to no end that misinformation like this is why my grandmother is afraid to look at gardening websites for fear someone will steal her identity. Stop FUDding, and learn how to use the system to protect yourself.

  14. For me, I have one person who has followed me around the web for years and everytime I register and set-up a new blog they always seem to appear, lurking of course, within an hour or two of it going live, even without any kind of announcement. I’m convinced it’s all to do with whois.

    I’m not sure why ‘normal’ people should be privy to that kind of information – or if they are, it should only allow the very basic details: name, state, country, not phone number, inside leg measurement and favourite Kevin Smith film as it does now. :)

    • You mean this:
      http://www.amazon.com/I-Love-Shea-Bennett-Sweatsh

      I know, I shouldn't tease you about being 'internet stalked'. I am sure it can be terrifying somehow for a guy who puts his website address and full name in the comments. Not so hard to find your blog when you post it along with the comment.

      And by the way, no whois that I have ever been to (which is a few hundred) have ever had the ability to search by Personal Name. I think you are mistaken that whois is the chink in your elaborate internet armor. I apologize for sounding like a jackass, but I am. It peaves me to no end that misinformation like this is why my grandmother is afraid to look at gardening websites for fear someone will steal her identity. Stop FUDding, and learn how to use the system to protect yourself.

  15. I believe serving electronic content is a means of publication and I think what people say in public is not protected by privacy. Instead, anyone who makes public statements should be able to be held responsible for them in some way.

    However, most DNS registrars offer privacy protection of WHOIS data. Because of this, the utility of the WHOIS data is already reduced. And to track some libel offender down, one probably better goes for the IP address. But how do I know whom to contact for some IP address? Answer: reverse DNS lookup and whois.

    Therefore, I think WHOIS should remain to provide some traceable accountability for public statements made by pepole. If you want to protect your home phone number, don't put it into the registrar's database, or enable the privacy option by your registrar.