Namecoin Forum

e-mail I got today from a registrar:

...as of 7/15/2014, ICANN, the Internet Corporation for Assigned Names and Numbers (and/or the associated ccTLD authority), requires that we ask you to review your contact data and make any changes necessary.

I agree that keeping info up to date can be important, but that kind of "requirement" I believe opens people up to identity phishing attacks.

I think it should be up to the individual or group what info they provide, and when they update it, without any "required" hounding from the registrar.

.

signup292 wrote:private registration takes care of that issue, free on 1&1

No disrespect intended but this is not a good solution.

You're replacing your identifiers with those of the registrar (or a proxy thereof) so technically they have a stronger claim of ownership than you. I'm not aware of this being challenged in national judicial systems, but it might at some point. Think of it like a title to a car, it is the primary means of claiming ownership. And don't think registrars are beyond stealing and cheating people out of their names, it happens.

The other compelling reason to be wary of this is that you're putting your trust in their data policies. Would you ever get your domain name back if they "lost" or screwed up the mapping between customers and WHOIS data? Do their employees have easy access to your real indentity info? See this Moniker.com incident involving a rogue employee. These companies have no incentive to really secure this data against hackers and social engineering in general, let alone informal government requests for the info.

.

Yep, just saying if the domain is worth a significant amount... your sole claim to ownership is at risk.

Registrars are not always the safe, solid, secure operations many people think they are. Sometimes they act downright shady too. So if something happened, and you could no longer access the domain name, how would you ever prove that it should belong to you?

You just need to imagine that a vengeful employee hoses their internal database by going in and doing stuff manually or by running in-house scripts. They might not notice for some time.
Or imagine a hacker gets in and acts maliciously, destroying data or stealing a copy of the database and hosing the registrar's copy.
Or an incompetent employee writes some bad code that screws up some data - maybe not horribly, and they don't realize for a while.
Or when some hardware failure occurs and they realize their backup procedure was broken.

This need for "private registration services" is a direct result of ICANN's extreme lack of caring about personal privacy. WHOIS contacts are required to be accurate, under the threat of domain confiscation. They bend over backwards for corporate interests, and give the middle finger to all individual registrants' and their privacy concenrs just to make things easier for corporations that want to send cease and desist letters to anyone who might be infringing on their perceived rights to protect their IP.