Overhauling Changes to WHOIS

Discussion of other internet issues.
Locked
gotitbro
Postaholic
Posts: 866
Joined: Sat Jul 09, 2016 8:33 pm

Post by gotitbro »

You've probably heard about WHOIS, the protocol to look up registration information about domain names and IP addresses. Looks like access to this may be limited for normal persons like you and me due to the new data protection law of the European Union, the General Data Protection Regulation (GDPR), which comes into effect this May.

While it's not clear what exactly the changes will be to WHOIS in the long term, it's expected that to comply with the GDPR deadline ICANN will roll out limited access to WHOIS this year (as a temporary measure) which only lets reasonable access to WHOIS such as by law enforcement. ICANN is also not enforcing WHOIS compliance on registries anymore as well.


These changes do not seem to be nice as now any website will be able to harass and threaten any individual without accountability of the general public. I hope WHOIS in its current form sticks but that does not seem likely.

https://domainnamewire.com/2018/01/04/3-2017-gdpr-death-whois/
http://domainincite.com/22432-how-whois-could-survive-new-eu-privacy-law

Post by gotitbro »

@smed79 Can you please fix this typo above, You'be to You've? Thanks.
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

gotitbro wrote: Tue Jan 09, 2018 12:07 am @smed79 Can you please fix this typo above, You'be to You've? Thanks.
I'm not @smed79 but I've fixed it.
"If it ain't broke don't fix it."

Post by gotitbro »

The results of ICANN not enforcing WHOIS compliance can already be seen. GoDaddy has started masking WHOIS registration details of its customers through the public Port 43 lookup. Details such as name, e-mail, phone number are hidden (Registrant, Admin and Tech contact data) when a domain is looked up through public WHOIS.

GoDaddy was already only showing the name of the registrant but now even the name isn't shown (* are shown in its place).

Full WHOIS is still available through their website which has a CAPTCHA. GoDaddy seems to be the only registrar which has been masking registration details possibly going against ICANN policies.

GoDaddy's move seems to be a direct consequence of ICANN's lax stance on WHOIS following the GDPR.

https://domainnamewire.com/2018/01/12/godaddy-start-masking-whois-data-port-43/
https://in.godaddy.com/help/masking-contact-information-shared-via-whois-automated-access-points-27421

Post by LanikSJ »

gotitbro wrote: Mon Jan 29, 2018 4:39 pm GoDaddy has started masking WHOIS registration details of its customers through the public Port 43 lookup. Details such as name, e-mail, phone number are hidden (Registrant, Admin and Tech contact data) when a domain is looked up through public WHOIS.
DNS Authorities including GoDaddy have been doing this for the better part of 10-15 years ever since people wanted to keep their registration private.

I don't know what the rules are in EU but I believe you were able to still do that before but it wasn't mandatory. Thanks for the heads up but it's no news to me.

Post by gotitbro »

@Lanik Do you mean WHOIS privacy? I meant that they limit and mask the information in Port 43 WHOIS lookups. Like, for example, the domain bmobile.com: if you do a public WHOIS query on it (through CLI or a website like whois.com) this is what you get:

Code:

Domain Name: bmobile.com
Registrar URL: http://www.godaddy.com
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Name Server: NS07.DOMAINCONTROL.COM
Name Server: NS08.DOMAINCONTROL.COM
DNSSEC: unsigned

For complete domain details go to:
http://who.godaddy.com/whoischeck.aspx?domain=bmobile.com

This domain is using WHOIS privacy, that's why the name and organization fields are shown; if it wasn't, only asterisks (*) would've been shown in those fields.


This is what I meant by WHOIS masking and I know GoDaddy has been doing it for some years now hence my next line "GoDaddy was already only showing the name of the registrant". Hiding even the name of the registrant via asterisks is new.

Also, the masking (showing limited details in WHOIS) wasn't heavily enforced before and many WHOIS web services would get around and get the full WHOIS records through Port 43. Such as Domaintools (http://whois.domaintools.com/), it would show the full WHOIS records of GoDaddy domains but it can't now. Only select people have access to the full Port 43 WHOIS records now such as Google (https://domains.google/).
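
The distinction drawn in the post above (a privacy-proxy record versus a name masked with asterisks) can be checked mechanically on port 43 output. The following Python classifier is an added example, not part of the original thread; it also recognizes redaction notices of the kind quoted later in the thread. The sample records are constructed, and the marker strings and function names are assumptions for illustration.

```python
import re

# Constructed sample records modelled on the outputs quoted in this thread.
SAMPLES = {
    "proxy": """Domain Name: example.com
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Name Server: NS07.DOMAINCONTROL.COM
Name Server: NS08.DOMAINCONTROL.COM
For complete domain details go to:
http://who.godaddy.com/whoischeck.aspx?domain=example.com""",
    "masked": "Domain Name: example.net\nRegistrant Name: ******** ********",
    "redacted": "Domain Name: example.im\nThis information has been redacted "
                "to comply with European Union General Data Protection Regulations (GDPR).",
    "public": "Domain Name: example.org\nRegistrant Name: Jane Doe",
}

# Marker strings are assumptions taken from the records and notices quoted on this page.
PROXY_MARKERS = ("domains by proxy", "registration private")
REDACTION_MARKERS = ("redacted", "minimum data set")
MASKED = re.compile(r"^\*+(\s+\*+)*$")  # e.g. "******** ********"
CONTACT_FIELDS = ("registrant name", "registrant organization")

def parse_whois(text):
    """Split a record into {field: [values]} and a list of free-text lines."""
    fields, free = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        # A field needs "Key: value"; bare URLs and headings ending in ":" are free text.
        if sep and value.startswith(" "):
            fields.setdefault(key.strip().lower(), []).append(value.strip())
        elif line.strip():
            free.append(line.strip())
    return fields, free

def classify(text):
    """Return masked, privacy-proxy, redacted, public or no-contact-data."""
    fields, free = parse_whois(text)
    contacts = [v for f in CONTACT_FIELDS for v in fields.get(f, [])]
    if any(MASKED.match(v) for v in contacts):
        return "masked"
    if any(m in v.lower() for v in contacts for m in PROXY_MARKERS):
        return "privacy-proxy"
    notice = " ".join(free + contacts).lower()
    if any(m in notice for m in REDACTION_MARKERS):
        return "redacted"
    return "public" if contacts else "no-contact-data"

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, "->", classify(record))
```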

Post by LanikSJ »

Thanks for the lesson on WHOIS, you do know I run a website, right? It's a forum, you might have heard of it. :mrgreen:

Google has very little public info: https://domains.google.com/registrar?s= ... .com&chp=w

I'm kinda confused what it is they're doing in EU; making everything private is my assumption. I can't argue with that logic.

Post by gotitbro »

Lanik wrote: Tue Jan 30, 2018 8:29 am Google has very little public info: https://domains.google.com/registrar?s= ... .com&chp=w
It shows the full WHOIS record. Not sure what you mean by "very little public info".

Post by gotitbro »

Lanik wrote: Tue Jan 30, 2018 8:29 am Thanks for the lesson on WHOIS, you do know I run a website, right? It's a forum, you might have heard of it. :mrgreen:
Sorry if it came off that way. I was just making sure that I was being clear.
-Mark-
Postaholic
Posts: 382
Joined: Tue Jul 05, 2016 7:46 pm

Post by -Mark- »

If nothing, this will help torrent website admins to better mask their domain registration data via WHOIS.
smed79
Liste AR/FR Author
Posts: 15839
Joined: Sun Jan 17, 2010 4:00 am
Location: EasyList Forum

Post by smed79 »

-Mark- wrote: this will help torrent website admins to better mask their domain registration data via WHOIS.
For 2$ per year (Domain privacy or Domains by Proxy) it was always possible to hide your WHOIS info.

https://en.wikipedia.org/wiki/Domain_privacy
https://en.wikipedia.org/wiki/Domains_by_Proxy (domainsbyproxy.com)

Public vs. Private http://i.imgur.com/jNLxfP2.png
•► Read RULES / Use forum Search
••► Don't post clickable links
•••►Upload screenshots at imgbb.com

Post by -Mark- »

smed79 wrote: Tue Jan 30, 2018 5:03 pm it was always possible
And where did I say it wasn't? Read again, I said it will get "better", that's comparatively positive to the previous situation and doesn't imply that it wasn't possible before.

Post by gotitbro »

@Lanik What I meant is this https://www.whois.com/whois/7hops.com. This domain is not using WHOIS Privacy and as can be seen the name is clearly masked (******** ********).

The WHOIS info by GoDaddy was already limited but this masking is new. GoDaddy is also going strict on who is allowed full Port 43 access with even big WHOIS players like DomainTools being denied access (http://whois.domaintools.com/7hops.com).

Post by gotitbro »

gotitbro wrote: Tue Jan 30, 2018 5:33 am This is what I meant by WHOIS masking and I know GoDaddy has been doing it for some years now hence my next line "GoDaddy was already only showing the name of the registrant". Hiding even the name of the registrant via asterisks is new.
I was wrong. Looks like GoDaddy began limiting/masking WHOIS info on Port 43 only in the last year or so. It wasn't limiting it before that and the complete masking of names (as seen in my post above) only began in late January this year.

These decisions seem directly influenced by GDPR, which was adopted in April 2016, and ICANN's actions following that. As mentioned in a recent Motherboard article about ICANN going lax on WHOIS regulations:
Last November, ICANN announced that it would not take action against registrars for “noncompliance with contractual obligations related to the handling of registration data.”
On the same day that ICANN’s interim WHOIS solutions were published, GoDaddy—the largest domain registrar in the world—announced that it would retract bulk searches of WHOIS contact details for its 17 million customers starting January 25.
The article goes in depth on the coming WHOIS changes and how they affect internet security and privacy.

https://motherboard.vice.com/en_us/article/vbpgga/whois-gdpr-europe-icann-registrar

Post by gotitbro »

More limitations on WHOIS can be seen following the above events. DENIC, the German domain registry, now requires you to fill out a form stating your purpose before you can see the registrant details of domains. Earlier it only required you to solve a CAPTCHA to see the data.

Looks like the WHOIS changes are here and may be coming faster than thought.

https://www.denic.de/webwhois-web20/accepted-angenommen

Post by gotitbro »

PKNIC, the Pakistan domain registry, has also started to completely limit WHOIS data. It now only shows the registration/expiration dates and nameservers. Earlier, registrant data along with other details were publicly available; this is what is shown now:
Due to current ICANN WHOIS compliance guidelines, such as ongoing General Data Protection (GDPR) models, for privacy and security, the public disclosure of user information has been limited. You can view your domain record by logging in to your PKNIC account, or by contacting us at staff[at]pknic.net.pk
I wonder what entails now, most registries are already taking steps to reduce WHOIS access without proper guidelines in place.

http://www.pknic.net.pk/ [Look up a domain such as dailypakistan.com.pk]

Post by gotitbro »

An article from cybercrime journalist Brian Krebs on how the coming WHOIS changes could lead to more spams and scams. WHOIS access could be limited by registrars/registries as soon as by the next month when the GDPR takes effect:
https://krebsonsecurity.com/2018/03/who-is-afraid-of-more-spams-and-scams/

Post by gotitbro »

The .im registry has started redacting all contact data from WHOIS searches due to GDPR. For example, if you look up zpn.im (https://www.whois.com/whois/zpn.im), it clearly states this:
This information has been redacted to comply with European Union General Data Protection Regulations (GDPR). Please contact us at email[at]nic.im if you have any further queries.

Post by gotitbro »

Looks like registrars/registries will be following the "ICANN Temporary Specification" approved on 17 May which specifies providing minimum data for WHOIS records. And from the looks of it, it will only provide the Registrant Organization, State/Province and Country.

This is what GoDaddy shows when you perform a WHOIS on Port 43 (e.g. https://www.whois.com/whois/myvidster.com):
Port43 will provide the ICANN-required minimum data set per ICANN Temporary Specification, adopted 17 May 2018. Visit https://whois.godaddy.com to look up contact data for domains not covered by GDPR policy. Law Enforcement Agencies can find instructions on how to request for disclosure of contact information here: https://www.godaddy.com/help/article-27915
Looks like the beginning of the end of WHOIS as we know it.

Post by gotitbro »

The Danish domain registry for .dk domains will not redact domain WHOIS data. It states that it is required by Danish law to publish contact details for .dk domain owners, therefore GDPR will not apply to these domains.

https://www.dk-hostmaster.dk/en/news/danish-whois-database-will-remain-illuminated

Well this is certainly a departure from the trend that other registries are following. It should also be noted that Denmark has one of the most open accessible govt. data as well https://index.okfn.org/place/dk/.

Post by gotitbro »

Afilias, Neustar, Nominet, and Donuts have all started redacting WHOIS data for their managed TLDs. (This would cover a large number of TLDs.)

https://twitter.com/whois_search/status/999949744200876033

Post by gotitbro »

Now even DENIC has stopped the automated system for checking WHOIS data; you can only get registrant data if you are the domain holder yourself or a public authority. (https://www.denic.de/webwhois-web20/en Check a domain such as filmportal.de)

Post by smed79 »

(https://www.denic.de/webwhois-web20/en Check a domain such as filmportal.de)
https://www.denic.de/webwhois-web20/?lang=en&domain=filmportal.de

Post by gotitbro »

DomainTools on what changes with the ICANN Temporary Specification model for gTLDs.
https://blog.domaintools.com/2018/05/gdpr-is-now-live/

Should be noted that DomainTools has stopped providing basic details about domains such as screenshot history, how long the domain has been in DomainTools database (was useful in determining a domain's age), reverse WHOIS record search etc. to non-subscribers.

Post by gotitbro »

Many registrars and registries (especially European registries*) have followed suit and now only show minimum technical data for domain names in public WHOIS to comply with GDPR. Well, now we can say goodbye to datamaps of cyber criminals created through WHOIS; even the RoughTed adblock malware was mapped via WHOIS. Not sure how these changes will be perceived in the future but it doesn't seem to be good right now.

* Such as the .ro TLD registry which enacted domain owner redaction on the GDPR day (25th May) itself
http://www.rotld.ro/whois/?domain=verificasursa.ro