Michael Peddemors wrote:
On 18-05-03 11:20 AM, Marc Goldman via mailop wrote:
Since GDPR has pushed for a public WHOIS to disappear (even though
ICANN seems to be resistant), how do those of you in the email world
feel this will affect those of us who believe in the best practice of
having clients/users turn off WHOIS Privacy on their domains?
E.G we have - for both our ESP & SMTP service, made WHOIS PRIVACY a
validation check upon setting up and sending and those with WHOIS
PRIVACY enabled are unable to send through our service(s) until its
disabled.
I would guess this would now be a null and void policy or one that
will soon be impossible to enforce/rely upon?
Your opinions/comments are appreciated.
Marc Goldman
Personally? Well, you can have privacy if you choose, but just like
people don't answer phone calls from unlisted numbers, don't expect
people to answer your emails either ;)
There are legitimate reasons for anonymous domains, but if there is no
one listed to report problems related to that domain, it becomes a
problem. IF you have to be anonymous, send mail out through a mail
service that isn't anonymous (eg PTR reflects a domain where there is
whois and contact information)
And for the record, GDPR did not 'push' for WHOIS to dissappear, the
registrars are just concerned that publishing that data in WHOIS may
contravene the GDPR.
Personally I'd 'push' for it to stay as it is, and ensure that it is
clear to people that 'owning' a domain requires the publishing of
certain data.... That way its simple, you want a domain you consent to
having your data published or you take out a privacy service.
I really don't get a lot of this privacy stuff that goes around at the
moment... I understand that social networking has abused the privacy of
users under the similar guise of "you want to use our service it's in
the terms and conditions in clause 20598, found on page 147, paragraph
5 that we may use any data and/or content you provide in any way we
want" (oh, you didn't read past clause 97, sorry ignorance is not a
defense...!) but that's social media and free stuff... If you're paying
for a service (such as provision of a domain name it should be clear in
the signup/buy process that international requirements are publication
of certain details (name/address/phone/email etc) and should you not
wish this you should purchase a privacy holding service or not purchase
at all. ICANN should be able to hold this as a policy against the
GDPR... Further, whilst this might have cause for people to complain,
this type of publication of details is across many different sectors,
for example, my name and details are on land registers in several
countries because I bought rather than rented. All those land registers
have public access.... This is not an unusual or uncommon
requirement/policy.
However, the GDPR does allow for personal information to be shared, as
long as it is for a legitimate reason, and the person who's
information is displayed understands that and agrees to that.
Precisely....
"I want to buy a domain name"...
..."Ok sir/madam, I will need to supply your name, address and telephone
number for the public registry, do you agree?" ....
...."No, sorry I want to keep private.".....
....."Ok sir/madam you need to purchase a privacy service to hold your
registration on your behalf, please be aware that they can expose your
personal information as per their policy but this is usually because of
abuse issues."......
......"Not ok, I'm not paying someone to keep me private, the GDPR says
I don't have to have my details published".......
......."No problem sir/madam, it's a requirement for domain ownership
worldwide therefore we cannot offer you the registration of a domain.
goodbye *click*"
... problem is you know some will change that last line, to "oh yes we
can do that, *clicks customer agrees to public disclosure*" or "*sales
person buys the domain themselves and offers it at a higher price using
fake data*" etc...
Now, if anyone takes that information, and uses in way that wasn't
agreed to by the person, (eg a person stripping that data, whether a
spammer or a 'data company') it is that party that is contravening the
GDPR....
Which has always been the issue, with data protection acts and all sorts
of stuff.... people in the USA tend to believe they are the law and that
European Law is just some ridiculous notion by the royalists and that
sales trump international law... or other countries take the 'f**k the
law' attitude etc Whilst ever the cross border enforcement is in the
state it is none of this is really more than lip service for many. (eg
I have been approached about 3 separate issues of stalking and bullying
online here in Australia, getting either the local or federal police to
do anything has been a joke, "its facebook there is nothing we can do,
stop using social media" being the answer in all cases... seriously!!)
I expect it (the wrangling and legal arguments) to go on for some time
yet, before this is all sorted out.
I expect you'll be right, then half the online world will just ignore
the GDPR and do their own thing anyhow...
--
Michelle Sullivan
http://www.mhix.org/
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
