This sort of legislation is bound to result in two things:
1) Cyber criminals outsmarting the identification and verification mandates, because they're criminals, they're crafty, and they don't give a crap about breaking the laws.
2) Law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a website without putting themselves in danger.
This sort of legislation, while possibly well-intentioned, helps no one (except for stalkers, people who get a thrill out of doxxing, and corrupt organizations wanting to silence whistleblowers).
Years ago I received an email from my registrar Net4India for my .in domain that my Government mandates that information submitted to WHOIS DB must be genuine and failing to comply would get the domain cancelled or something like that.
I couldn't find more info about that mandate, Not sure whether the Registrar took upon itself to issue such statements based on Government's order for the registrars to maintain accurate information of the customers(Which isn't same as the info we provide for WHOIS per domain).
Anyways, I stopped buying .in domains, Privacy is a fundamental right in India now and so I'm not sure if the mandate can be applied even if its true. Registrars here are offering privacy redaction now.
Something like this always happens when some new regulation happens. Thinking of legislators as idiots and fear mongering.
The second thing won't happen because "anonymous websites", in this context, doesn't mean anonymous from general public but anonymous from governments.
Anonymous bank accounts are also banned so do you also argue that law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a bank account without putting themselves in danger?
3) people in between (i.e. not quite law abiding and not quite cyber criminals, or just people who value anonymity) are driven underground, or start using other anonymised means of putting content online.
It will be a freezing cold day in hell before I publish my real physical address as a part of my domain's WHOIS. Have those regulators not heard of swatting and doxxing?
I'm really happy about choosing a .com over a .eu domain now.
When you cut through the PR and look at the details the EU actually has quite a bad track record on both technology issues and authoritarian government, so sadly this kind of proposal isn't much of a surprise. But I'm 100% with you on this.
I still get phishing emails to an address I set up last century exclusively as a contact point when I managed some domains for a local community group. I haven't been involved with that group for more than a decade.
Every year we get deceptive postal mail to our business address, which is the contact address for the registration of our domains at work, trying to get us to sign up for one con or another involving domain renewal "checks", "registration with search engines", and so on. These almost always arrive in the time leading up to the anniversary of registration, even in the years when we don't need to renew because we previously paid for multiple years.
Cutting the personal details out of WHOIS was a simple, positive step to improve online privacy even just for everyday users who don't want to be subject to harassment and deception.
Yuck! Just when I thought we were doing things better.
> According to this directive, the registration of internet domain names will in future require the correct identification of the owner in the Whois database
The proposal doesn't state it needs to be kept in whois database. It states that it must be kept "in a dedicated database" and be available to "lawful and duly justified requests for access".
Obviously this isn't going to fix anything because those who so wish will just provide false information
ICANN already state that a domain name registrant is obliged to "provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes." This proposal is formalizing that in law.
Im not sure if i agree with that or not, but lets not pretend this is the end of "whois privacy", as many comments (and the author of this article) seem to be suggesting.
Publicly displaying the owner of a domain (and technical contact, and billing contact) was done until the GDPR (mandated by the European Union) was approved. According to GDPR, whois displaying ownership, etc was a violation of data protection and privacy.
Now the same EU says whois must display ownership. Well, fuck you, first figure out how that plays with your own GDPR.
Let’s not forget TERREG, which already makes it illegal in practical terms for individuals to have an open forum or blog in Europe
> The EU just passed TERREG yesterday without a vote that requires anyone running a website with user generated content (a blog with comments, a forum etc.) and if they have significant EU user base to establish legal presence in the EU and have an officer responsible for deleting content with 1 hr SLA. That's out of reach for most of people. You cannot even block your site for EU traffic, because EU users can use VPN.
[…]
> On 12 September 2018, the European Commission presented a proposal for a regulation on preventing the dissemination of terrorist content online, which included:
>The one-hour rule: a legally binding one-hour deadline for content to be removed following a removal order from national competent authorities;
While I normally argue in the favour of privacy, in this particular case I'm leaning towards thinking that web content accountability is a step in the right direction.
[+] [-] paperwasp42|4 years ago|reply
1) Cyber criminals outsmarting the identification and verification mandates, because they're criminals, they're crafty, and they don't give a crap about breaking the laws.
2) Law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a website without putting themselves in danger.
This sort of legislation, while possibly well-intentioned, helps no one (except for stalkers, people who get a thrill out of doxxing, and corrupt organizations wanting to silence whistleblowers).
[+] [-] Mountain_Skies|4 years ago|reply
[+] [-] Abishek_Muthian|4 years ago|reply
I couldn't find more info about that mandate, Not sure whether the Registrar took upon itself to issue such statements based on Government's order for the registrars to maintain accurate information of the customers(Which isn't same as the info we provide for WHOIS per domain).
Anyways, I stopped buying .in domains, Privacy is a fundamental right in India now and so I'm not sure if the mandate can be applied even if its true. Registrars here are offering privacy redaction now.
[+] [-] Kbelicius|4 years ago|reply
The second thing won't happen because "anonymous websites", in this context, doesn't mean anonymous from general public but anonymous from governments.
Anonymous bank accounts are also banned so do you also argue that law-abiding citizens who might be whistleblowers, victims of stalking, or have other very genuine reasons for wanting to hide their personal information will be unable to register a bank account without putting themselves in danger?
[+] [-] 1cvmask|4 years ago|reply
This image of controlling Internet speech by Ben Garrison always comes to mind:
https://knowyourmeme.com/photos/976837-reddit
[+] [-] selfhoster11|4 years ago|reply
[+] [-] selfhoster11|4 years ago|reply
I'm really happy about choosing a .com over a .eu domain now.
[+] [-] Silhouette|4 years ago|reply
I still get phishing emails to an address I set up last century exclusively as a contact point when I managed some domains for a local community group. I haven't been involved with that group for more than a decade.
Every year we get deceptive postal mail to our business address, which is the contact address for the registration of our domains at work, trying to get us to sign up for one con or another involving domain renewal "checks", "registration with search engines", and so on. These almost always arrive in the time leading up to the anniversary of registration, even in the years when we don't need to renew because we previously paid for multiple years.
Cutting the personal details out of WHOIS was a simple, positive step to improve online privacy even just for everyday users who don't want to be subject to harassment and deception.
[+] [-] tinus_hn|4 years ago|reply
[+] [-] dkdk8283|4 years ago|reply
> According to this directive, the registration of internet domain names will in future require the correct identification of the owner in the Whois database
[+] [-] ohiovr|4 years ago|reply
[+] [-] maxo133|4 years ago|reply
[+] [-] gruez|4 years ago|reply
[+] [-] 908B64B197|4 years ago|reply
What's that supposed to achieve?
[+] [-] supermatt|4 years ago|reply
Obviously this isn't going to fix anything because those who so wish will just provide false information
ICANN already state that a domain name registrant is obliged to "provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes." This proposal is formalizing that in law.
Im not sure if i agree with that or not, but lets not pretend this is the end of "whois privacy", as many comments (and the author of this article) seem to be suggesting.
[+] [-] Loeffeldude|4 years ago|reply
[+] [-] zxspectrum1982|4 years ago|reply
Publicly displaying the owner of a domain (and technical contact, and billing contact) was done until the GDPR (mandated by the European Union) was approved. According to GDPR, whois displaying ownership, etc was a violation of data protection and privacy.
Now the same EU says whois must display ownership. Well, fuck you, first figure out how that plays with your own GDPR.
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] 3guk|4 years ago|reply
[+] [-] CodesInChaos|4 years ago|reply
[+] [-] jikbd|4 years ago|reply
> The EU just passed TERREG yesterday without a vote that requires anyone running a website with user generated content (a blog with comments, a forum etc.) and if they have significant EU user base to establish legal presence in the EU and have an officer responsible for deleting content with 1 hr SLA. That's out of reach for most of people. You cannot even block your site for EU traffic, because EU users can use VPN.
[…]
> On 12 September 2018, the European Commission presented a proposal for a regulation on preventing the dissemination of terrorist content online, which included:
>The one-hour rule: a legally binding one-hour deadline for content to be removed following a removal order from national competent authorities;
[+] [-] xxpor|4 years ago|reply
[+] [-] em-bee|4 years ago|reply
[+] [-] Proven|4 years ago|reply
[deleted]
[+] [-] Xen0byte|4 years ago|reply
[+] [-] Mountain_Skies|4 years ago|reply