At 4/12/04 3:07 AM, Gordon Hudson wrote: >Hello >This privacy issue is very interesting ebcause we are building a sytem which >will allow for this (and we won;t be charging extra for it). > >However (and its a big however) as soon as anything other than the "owner" >of the domain name is put int the organisation field, the person who thinks >they own the domain name no longer own it. >This is not debateable, or something you can hold an opinion on, its a fact.
Right. If you're going to replace the owner's name, you need a strong contract that absolves you from liability and allows you to turn off the privacy as soon as it becomes an issue, shoving the owner's name back in there so he can be sued instead of you. An alternative is to leave the owner's name in there, obfuscating just the address and phone number information. In this way, the owner gets some basic privacy from junk mailers and murderers showing up at her house, but still remains the legal owner. This seems to be a compromise that most end-users are happy with. >Now supposing we (in our model) own the domain name and lease it to the >registrant. >All goes well until our business goes bust. >The registrant is then up the creek without a paddle as they have no >ownership rights over the domain name. Yes, this kind of thing was what I had in mind when I said that some people will do it wrong and cause problems. (Not that this doesn't happen already; we get plenty of frantic calls from customers of Web hosting companies who put domain names in their own name using their own e-mail address, then go out of business.) If the e-mail contact address for the domain will still reach the owner after your business goes bust, this would be less of a problem because many domain owners will be able to transfer it. Won't help in all cases, though. The other responsible thing to do is escrow the data. Make a CD-ROM, or even paper printout, that gets sent to your attorney every week, with instructions on how to release it to a trusted party who can "fix" the data if necessary. (This kind of problem is why this would be better done at the registry level, really...) >There is also the issue of disputes with the "registrant". >or what if the domain name is being used for spamming and we stop the >person who paid us from using the domain name? > >What about illegal activities (we had someone selling drugs from a web site >recently)? If we are the owners we are going to be implicated. Most private registration type contracts allow you to unveil the privacy "at your sole discretion" if you have any reason to suspect the person is violating your terms of service -- that is, they offer no actual guarantee of privacy to the registrant. >Its probably going to be impossible to implement legally without the "owner" >signing paper contracts to keep us in the clear, and we will probably have >to have the domain names owned by an offshore company in a jurisdiction >where suing us is not going to be easy. You could avoid most of these problems by simply not obfuscating the owner's name and by telling people you'll turn off the privacy if you receive any TOS complaints. If you intend to list your company as the owner no matter what happens with the domain, though (instead of just acting as a contact point for the listed owner when there are no problems), yes, you probably do want to be much more concerned about it. -- Robert L Mathews, Tiger Technologies http://www.tigertech.net/ "Ignorance more frequently begets confidence than does knowledge." -- Darwin
