Hi Jeroen
On Tue, 31 May 2022 at 16:20, Jeroen Massar via db-wg <[email protected]> wrote:
>
>
>
> > On 31 May 2022, at 15:31, Ángel González Berdasco via db-wg
> > <[email protected]> wrote:
> >
> > 30-05-2022 a las 13:17 +0200, denis walker writes:
> >> If no one is able to present the public interest case for publishing
> >> the name and address of natural persons holding resources then the
> >> privacy case takes priority. If we cannot justify publishing this
> >> personal information based on the purposes, then the GDPR says very
> >> clearly that we must not publish it. All personal details of natural
> >> persons holding resources will have to be removed from the database
> >> or hidden from public view. This will also apply to assignments as
> >> well.
> >> There are many assignments with name and full address details of
> >> natural persons in the "descr:" attributes. We will have to remove
> >> the "descr:" attributes where the assignee is a natural person or
> >> hide them from public view.
> >
> > Please note that GDPR has the concept of processing based on consent.
> > It might not be necessary to remove them. And some of those affected,
> > may want them to stay published.
> >
> > I agree, however, that *not* publishing the home address of those that
> > hold a resource as a natural person is probably a good idea.
>
>
> Consent is the key bit indeed. But people can also chose to not use the RIPE
> DB.
>
>
> Personally, I don't mind having my name + email address in there, whois is
> for my purposes primarily a assignment DB ("is it an eyeball, is it a VPS
> network, it is a bunch of evil VPNs") but most importantly a "who is"
> database and thus contact: who to contact for a given resource, when one sees
> bad things coming out of it, when they have MTU issues, etc etc etc.
There was quite a discussion on contacts a few days ago on this
mailing list. I am considering resource holders separate from
contacts. It was generally accepted that contactable contacts are an
important element of the database, but they don't need to be personal.
>
> As such, I personally would love to see the options:
>
> A) Publish name + email
> B) Publish name + email + phone
> C) Publish name + email + phone + address ('all')
>
>
> Personally B would be my option, the internet does not need to know where I
> physically am, but mail forwarding exists for that, making it an option
> though makes it clear one does not want to share that data and that it is
> just a forwarding place.
For resource holders that are not natural persons and not operating a
business from a home address, mandatory name, address and email with
optional phone is probably a good option. Where the resource holder is
a natural person, or operating a business from a home address, the
question is, do we have a clearly defined purpose of the RIPE Database
that requires the personal name and address to be published?
>
>
> But the problem is that some (not me) people want is:
> D) Hide all details
>
> Which would make whois for a person (they cannot have roles, otherwise they
> are not people) look like:
>
> person: Anonymous Person 172784394902
> remarks: RIPE anonymized person --
> https://www.ripe.net/contact/hiddenperson
> remarks: Responsible LIR: xx.lirhandle -- <handle>-RIPE --
> https://www.website.com # autopopulated from LIR
> email: [email protected]
> # forwarded mail
> nic-hdl: PERSON-172784394902-RIPE
> mnt-by: RIPE-NCC-ANON-MNT
> # Can't have own maintainer then either
> created: 2002-03-19T12:20:34Z
> last-modified: 2021-05-12T15:05:51Z
> source: RIPE # Filtered
I think maybe you are confusing resource holders and contacts here.
There are different requirements for the two.
cheers
denis
proposal author
>
> Thus email forwarding to not expose that data but still allowing contact and
> still allowing statistics/associations to be made based on the handle, but
> not private details to be released. (note that people can still drop all mail
> in /dev/null and chose to remain ignorant independent if the address is valid
> or goes anywhere at all; bad folks do not fix things)
>
>
> But I think it is a really bad idea; people who don't want to be named on the
> Internet already have options by hiding at a cloud provider or a VPS where
> they can borrow address space, they do not need to have their name in the
> RIPE DB.
>
> Note that such a policy would cause address space for the rest of the
> lifetime of IPv6 to be handled that way too; then just do not get your own
> prefix in the database.
>
> The above A/B/C ... yeah kinda makes sense; but option D, big nope from me.
>
> Greets,
> Jeroen
>
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change
> your subscription options, please visit:
> https://lists.ripe.net/mailman/listinfo/db-wg
--
To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/db-wg
