It's pretty absurd to require users to continually pay you money with threat of revealing all of their personal information publicly if they ever choose to stop paying you.
I can't imagine many industries getting away with that except for registrars due to how the whois system has worked historically, but it's basically just extortion, keep paying us or you're doxxed. Whois privacy should be the default everywhere for no additional charge, so I guess this is a change in the right direction.
Can someone explain in more detail why they aren't able why they aren't able to cover certain TLDs (including several falling under GDPR in the EU)? Their FAQ says: "Due to registry restrictions, WhoisGuard cannot be used with .asia, .ca, .cn, .uk, .co.uk, .de, .eu, .in, .id, .me, .uk, .nu, .li, .ch, .fr, .sg, .com.sg, .org.uk, .us, .es, .com.es, .nom.es, .org.es, .com.au, .net.au, .paris, .vote, .voto, .xn--3ds443g, .nyc, or .org.au domains."
DENIC (.de) has had it’s own policy including their own form of protection for a long time.
Currently you can query for generic data and an abuse email address but the contact details are only revealed if you are the domain holder or have a solid reason[1].
> In all other cases, DENIC will generally not provide information. Instead, if you think that the contents of a website that can be accessed via a domain may be illegal, you should send an e-mail reporting the matter to the e-mail address for abuse reports (Abuse). You find the e-mail address on the domain query page. Moreover, the imprint, if any, of the website concerned will inform you who is the operator of the website.
To add some additional context, a proper, up-to-date imprint, including a postal address (no P.O.) and in most cases a phone number, is legally required for practically every website in Germany
Not sure about the others, but if you do a whois on a .ca domain you will see it already returns a proxy address (Canadian Internet Registration Authority). You have to provide a valid Canadian address to register a .ca, but they'll only give that information to law enforcement.
.NYC requires that the owner have a physical presence in New York City. In addition to the standard whois owner/tech/billing/etc contact sections, .NYC requires a "Nexus" contact -- basically, a NYC-based address of either a person or business affiliated with the domain.
See http://www.ownit.nyc/faq, under "WILL PROXY REGISTRATIONS, SOMETIMES CALLED “DOMAIN PRIVACY” BE ALLOWED ON MY .NYC DOMAIN NAME?"
Basically, it's the registrar's policy to prohibit obfuscating the actual domain owner. Resellers like Namecheap have to abide by these policies.
I can't speak for EU domains, or for the reasoning behind the .NYC policy.
It's what it says, for some extensions, whois information is managed by the registry. Namecheap is legally obliged to provide the registrant information to the registry and they publish the whois information.
In the case of most of those, it's simply unnecessary. For instance, for EU ccTLDs, none of them reveal anything more than the most basic information in Whois for private individuals owing to the DPD (and its successor, the GDPR). For others, as people have noted, you need to prove residency. This is pretty common with ccTLDs who aren't subject to ICANN regulation, even outside of the EU.
I can't recall the .vote/.voto policies (haven't work for a registrar in a year), nor those for .asia.
I just renewed a domain with Namecheap and, based on the price they're now charging, pretty sure the cost of this “free” whois privacy protection is now just built into the cost of their products. Not impressed.
Jan 23rd 2018: $10.87 for .com and $0.99 for whoisguard ($11.86 total)
29th May 2018: $10.98 (+0.11) for .com and 0.18 ICANN'T fee ($11.16 total).
So it's $0.71 cheaper without whoisguard. So that margin (increase in .com) probably covers the actual whoisguard cost, the $1 fee was pretty much pure profit.
I trawled for free whois privacy a few years back and found <https://internetbs.net/>. For a registrar I can't complain, it's cheap and the offer hasn't disappeared. Now all my domains live there.
You might be impressed with Namesilo. They've always had Whois protection for free as long as I've used them. .com domains are something like $8 per year.
> Because at Namecheap, we care about your privacy protection.
Only when we can stop profiting from selling privacy services because of a new law that came into effect a few days ago.
I'd have believed them if they did this 2 years ago once GDPR was announced. Already moved my domains from namecheap since they are not the cheapest and didn't offer free whois until now.
Ugh, leave it to Namecheap to fuck up extremely simple UX. Instead of just giving me a toggle in the domain settings, I have to add WhoisGuard to my cart, once per domain (for the tens of domains I own), then go and select "10 years" in the purchasing screen (and wait for the entire page to reload) once for each domain, and then go through the entire checkout process to pay $0.
Why not just let me click a single button, Namecheap?
I wish a new registrar would come in with good service and UX and eat every other registrar's lunch. There aren't any registrars that easily let me manage my domains without trying to sell me tons of stuff every time I need to make a simple change. I've switched to Cloudflare for DNS because their UI is no-nonsense, I half wish they just sold me the domain as well.
I had just switched all my domains over to porkbun for this very reason - whois guard wasn't free at namecheap. I think I'll just leave the domains I moved there, and then continue with namecheap going forward. Now I view them as essentially equivalent plus or minus a few pennies per year.
Moved my domains to Porkbun as well, price is over 30% cheaper than Namecheap for .com renewals ($13 vs $9), privacy is also free, and they've got a real 2FA solution which Namecheap still does not have after all these years, so I'll be sticking with the Pork.
It was basically a tossup between Porkbun and Namesilo, so I went with the service with the more modern interface even though I don't interact with it much.
Their table to see how they stand up against competitors is hilarious! So many free privacy providers since ever like Dreamhost, Namesilo, BrandShelter, Marcaria (some TLDs), but yet you look at that table and you think "wow they are the only one".
Tangent : what happens to the whois guard if I want to transfer a domain between providers (eg- namecheap to google)? I've heard that during the transfer the whois guard has to be disabled. This means that services such as Domain Tools will log the whois data. Is this true? If so, is there any way to transfer a domain between providers while keeping contact details out of the public whois database?
I had to transfer domains once (from WordPress to Namecheap) and the instructions explicitly required disabling the privacy guard. It was only needed for the transfer period, which was about 3 days. I would love to know why the process requires it.
Now that this is mentioned, I revisited WordPress' instructions page and it says: "Most domain names registered at WordPress.com have GDPR protection, which means registrant contact information is not visible publicly, regardless of whether or not the domain has Privacy Protection in place. For these domains, disabling privacy will not result in contact info being publicly published."[0] Does this mean the process doesn't really need it but they registrars require it for some odd reason? If they can work it out without disabling privacy feature to comply with GDPR, why can't they do the same for everyone?
In my experience you can usually pre-enable whois guard equivalents during the checkout process for the transfer.
From the Domain Tools point of view the transfer should look like Old Whois Privacy LLP on SomeRegistrar transferred a domain to New Whois Privacy Corp on NewRegistrar
I've had my whoisguard at namecheap unexpectedly not renew several times, despite my having enabled auto renew, and the domain auto renewing. As a result my info was exposed until I caught it. I've migrated most of my domains to iwantmyname.com. much nicer experience so far. .io domains are really cheap at namecheap though so I haven't migrated them yet :/
Namecheap web design is very poor. They always plaster new feature on the top without deeper implementation. Many times I click a button only to see empty red box missing any obvious error message.
Besides I still have fun blocking my ex-employer namecheap account time to time. All you need is provide their username with wrong password 4 times and account is locked. You have to go thru extensive re-verification process. Its hilarious and totally unnecessary in the times of 2FA.
Besides namecheap has a long tradition of not standing up for your domain name. If they are pressed by someone offended by your content, they will take down your domain and take over it. That was few posts on Web Warrior I found years ago from terrorized people that made me change all my domains to namesilo.
I see a lot of comments about how clumsy this solution is and that it doesn’t work for some TLDs.
The solution I’m using is MyPrivacy.ca. It’s not a 1:1 replacement for WHOIS privacy but solves the Spam problem very well, it’s easy to set up and it works for all TLDs.
It is basically an opt-in email forwarder with a customizable whitelist of common registrars and NICs. So you will never miss an important mail from your registrar while most Spam will never make it through the challenge/response process.
It’s completely free and run by the guy behind easydns.ca (Mark Jeftovic).
They don't mention Gandi because that would be a marketing disaster. Gandi do no advertising, no affiliate/referral links, or anything else shady.
You might pay slightly more, but I believe Gandi operate a significantly better service, catering to shrewd users (I don't work there or have any financial interest in the matter, just a happy customer).
In fairness, Namecheap seem like a pretty decent second-choice, and most of my ire is reserved for all the 'baby's first domain name' bottom feeders out there.
For years, they've had a standing active "coupon" value that reduces it from $2.99 to $0.99 / year / domain. Unfortunately, you can't apply it to automatic renewals.
This finally solves that problem.
--
P.S. TO NAMECHEAP (who sometimes surfs HN, IIRC): PLEASE make sure that WhoisGuard is reliably renewed with this change in place.
Given the occasional glitches I've seen in your systems in the past, I want to emphasize this. It would be most unfortunate if a glitch exposed contact information: Once out, you can't take it back.
It took a long time for me to decide to try/trust autorenew. I'm worried I may now need to go back to manually signing in at each renewal, to make sure nothing has gone sideways.
At Namecheap, we care about your privacy and are now giving ALL our Namecheap customers FREE WhoisGuard for life, when they register a domain* with us.
This important change supports our strong belief in privacy, security, freedom and the equal treatment for all internet users.
Suddenly, they care about my privacy, whereas all the previous years they were soliciting subscriptions to their WhoisGuard service with each new registration or renewal order.
What a coincidence! And what an unfortunate choice of wording to their existing customers. (Apparently, I was very upset when I got this emailed)
Great domain provider i second that. Furthermore for us domains they have customer support directly in usa. Namecheap customer support is outsourced to romania. I dont have anything against it but i rather have my us based domains names looked at by us-personel.
Yes. It’s a marketing thing. (Someone correct me if i’m wrong) As I know, all domain name sellers should default to privacy (aka Whois guard) due to GDPR.
Read this UDRP decision, they found that using Njallas proxy service constitutes bad faith.
While this was a terribly misguided decision, UDRP cases rely heavily on precedent, so it'd be tricky to get this reversed.
Don't get me wrong though, most of the time njal.la is pretty nice and I have tens of domains with them. I just wouldn't use them for anything very important.
[+] [-] ve55|7 years ago|reply
I can't imagine many industries getting away with that except for registrars due to how the whois system has worked historically, but it's basically just extortion, keep paying us or you're doxxed. Whois privacy should be the default everywhere for no additional charge, so I guess this is a change in the right direction.
[+] [-] chris_overseas|7 years ago|reply
[+] [-] weinzierl|7 years ago|reply
Currently you can query for generic data and an abuse email address but the contact details are only revealed if you are the domain holder or have a solid reason[1].
> In all other cases, DENIC will generally not provide information. Instead, if you think that the contents of a website that can be accessed via a domain may be illegal, you should send an e-mail reporting the matter to the e-mail address for abuse reports (Abuse). You find the e-mail address on the domain query page. Moreover, the imprint, if any, of the website concerned will inform you who is the operator of the website.
To add some additional context, a proper, up-to-date imprint, including a postal address (no P.O.) and in most cases a phone number, is legally required for practically every website in Germany
[1] https://www.denic.de/en/service/whois-service/third-party-re...
[+] [-] tekstar|7 years ago|reply
[+] [-] elahd|7 years ago|reply
See http://www.ownit.nyc/faq, under "WILL PROXY REGISTRATIONS, SOMETIMES CALLED “DOMAIN PRIVACY” BE ALLOWED ON MY .NYC DOMAIN NAME?"
Basically, it's the registrar's policy to prohibit obfuscating the actual domain owner. Resellers like Namecheap have to abide by these policies.
I can't speak for EU domains, or for the reasoning behind the .NYC policy.
[+] [-] zimbatm|7 years ago|reply
The same restriction also applies to other name registrars like Gandi: https://wiki.gandi.net/en/domains/private-registration
[+] [-] talideon|7 years ago|reply
I can't recall the .vote/.voto policies (haven't work for a registrar in a year), nor those for .asia.
[+] [-] tradesmanhelix|7 years ago|reply
Edit: spelling
[+] [-] tcd|7 years ago|reply
29th May 2018: $10.98 (+0.11) for .com and 0.18 ICANN'T fee ($11.16 total).
So it's $0.71 cheaper without whoisguard. So that margin (increase in .com) probably covers the actual whoisguard cost, the $1 fee was pretty much pure profit.
[+] [-] giarc|7 years ago|reply
https://www.namecheap.com/promos/coupons/
[+] [-] _wmd|7 years ago|reply
[+] [-] jazoom|7 years ago|reply
[+] [-] tcd|7 years ago|reply
Only when we can stop profiting from selling privacy services because of a new law that came into effect a few days ago.
I'd have believed them if they did this 2 years ago once GDPR was announced. Already moved my domains from namecheap since they are not the cheapest and didn't offer free whois until now.
[+] [-] strictnein|7 years ago|reply
[+] [-] stratosgear|7 years ago|reply
[+] [-] StavrosK|7 years ago|reply
Why not just let me click a single button, Namecheap?
I wish a new registrar would come in with good service and UX and eat every other registrar's lunch. There aren't any registrars that easily let me manage my domains without trying to sell me tons of stuff every time I need to make a simple change. I've switched to Cloudflare for DNS because their UI is no-nonsense, I half wish they just sold me the domain as well.
[+] [-] davidkellis|7 years ago|reply
[+] [-] xref|7 years ago|reply
It was basically a tossup between Porkbun and Namesilo, so I went with the service with the more modern interface even though I don't interact with it much.
[+] [-] swlkr|7 years ago|reply
[+] [-] ausjke|7 years ago|reply
[+] [-] joering2|7 years ago|reply
I take it as a deceiving advertising.
[+] [-] ploggingdev|7 years ago|reply
[+] [-] m_sahaf|7 years ago|reply
Now that this is mentioned, I revisited WordPress' instructions page and it says: "Most domain names registered at WordPress.com have GDPR protection, which means registrant contact information is not visible publicly, regardless of whether or not the domain has Privacy Protection in place. For these domains, disabling privacy will not result in contact info being publicly published."[0] Does this mean the process doesn't really need it but they registrars require it for some odd reason? If they can work it out without disabling privacy feature to comply with GDPR, why can't they do the same for everyone?
[0] https://en.support.wordpress.com/move-domain/transfer-domain...
[+] [-] corobo|7 years ago|reply
From the Domain Tools point of view the transfer should look like Old Whois Privacy LLP on SomeRegistrar transferred a domain to New Whois Privacy Corp on NewRegistrar
[+] [-] keltex|7 years ago|reply
https://domains.google/#/
[+] [-] akerro|7 years ago|reply
[+] [-] gsich|7 years ago|reply
[+] [-] opinionator1|7 years ago|reply
[deleted]
[+] [-] timwis|7 years ago|reply
[+] [-] joering2|7 years ago|reply
Besides I still have fun blocking my ex-employer namecheap account time to time. All you need is provide their username with wrong password 4 times and account is locked. You have to go thru extensive re-verification process. Its hilarious and totally unnecessary in the times of 2FA.
Besides namecheap has a long tradition of not standing up for your domain name. If they are pressed by someone offended by your content, they will take down your domain and take over it. That was few posts on Web Warrior I found years ago from terrorized people that made me change all my domains to namesilo.
[+] [-] weinzierl|7 years ago|reply
The solution I’m using is MyPrivacy.ca. It’s not a 1:1 replacement for WHOIS privacy but solves the Spam problem very well, it’s easy to set up and it works for all TLDs.
It is basically an opt-in email forwarder with a customizable whitelist of common registrars and NICs. So you will never miss an important mail from your registrar while most Spam will never make it through the challenge/response process.
It’s completely free and run by the guy behind easydns.ca (Mark Jeftovic).
[+] [-] zimbatm|7 years ago|reply
https://wiki.gandi.net/en/domains/private-registration
[+] [-] ted0|7 years ago|reply
[+] [-] tombrossman|7 years ago|reply
You might pay slightly more, but I believe Gandi operate a significantly better service, catering to shrewd users (I don't work there or have any financial interest in the matter, just a happy customer).
In fairness, Namecheap seem like a pretty decent second-choice, and most of my ire is reserved for all the 'baby's first domain name' bottom feeders out there.
[+] [-] pasbesoin|7 years ago|reply
This finally solves that problem.
--
P.S. TO NAMECHEAP (who sometimes surfs HN, IIRC): PLEASE make sure that WhoisGuard is reliably renewed with this change in place.
Given the occasional glitches I've seen in your systems in the past, I want to emphasize this. It would be most unfortunate if a glitch exposed contact information: Once out, you can't take it back.
It took a long time for me to decide to try/trust autorenew. I'm worried I may now need to go back to manually signing in at each renewal, to make sure nothing has gone sideways.
[+] [-] _xgw|7 years ago|reply
[+] [-] stratosgear|7 years ago|reply
I was also emailed:
At Namecheap, we care about your privacy and are now giving ALL our Namecheap customers FREE WhoisGuard for life, when they register a domain* with us. This important change supports our strong belief in privacy, security, freedom and the equal treatment for all internet users.
Suddenly, they care about my privacy, whereas all the previous years they were soliciting subscriptions to their WhoisGuard service with each new registration or renewal order.
What a coincidence! And what an unfortunate choice of wording to their existing customers. (Apparently, I was very upset when I got this emailed)
[+] [-] joering2|7 years ago|reply
[+] [-] xedsvg|7 years ago|reply
[+] [-] Uberphallus|7 years ago|reply
[+] [-] nisa|7 years ago|reply
[+] [-] wdn|7 years ago|reply
Cheap and transparent pricing with free WHOIS privacy.
[+] [-] maltalex|7 years ago|reply
[+] [-] JoeDaDude|7 years ago|reply
https://www.hover.com/whoisprivacy
[+] [-] voidmain0001|7 years ago|reply
[+] [-] ryanlol|7 years ago|reply
Read this UDRP decision, they found that using Njallas proxy service constitutes bad faith.
While this was a terribly misguided decision, UDRP cases rely heavily on precedent, so it'd be tricky to get this reversed.
Don't get me wrong though, most of the time njal.la is pretty nice and I have tens of domains with them. I just wouldn't use them for anything very important.
[+] [-] hartator|7 years ago|reply
[+] [-] swlkr|7 years ago|reply
[+] [-] joelrunyon|7 years ago|reply