[funsec] KnujOn: Phantom Registrars, Fake Pharmacies, and the Secret Infrastructure

Jim Murray jim at digitaldaemons.co.uk
Tue Sep 2 16:19:13 CDT 2008

Dragos Ruiu wrote:

>> Also, I am concerned about the war on privacy-protected domain
>> registrations.  Clearly, this is a useful service not only to the
>> scammers, but also to us, mere mortals.
>> Perhaps something needs to change - because it is true that the best
>> place to shut down scam websites may be at the domain registrars - but I
>> am not sure that KnujOn has the right goals now.  Maybe they should
>> focus on development of established and enforced due diligence,
>> acceptable use, and complaint handling policies for the registrars, as
>> well as for registrar accreditation - but not on forcing the registrars
>> to not offer privacy protection.  Disclaimer: I am not very familiar
>> with the current registrar accreditation requirements or the like, so I
>> am clearly not an expert in this area and I can't really recommend a
>> course of action.

We must separate privacy from anonymity.

To protect *PRIVACY*, a registrar may replace the contact information of
the domain owner with details of their choosing. Having done so, the
registrar must accept responsibility for onward transmission to the
domain owner of all correspondence (including e-mail) intended for that
domain owner. In short, they may act as a *proxy* for a registrant if
they wish, but they MUST comply with the ICANN rules regarding the
holding of valid contact details for the domain owner.

Those which will not (and there are some that actively seek to hold as
little contact information for domain owners as possible) have no
business acting as registrars. They are in blatant breach of the spirit
(if not the letter) of the ICANN domain registration policy and are not
offering privacy at all - they are offering anonymity which is something
the domain registration system was never intended to allow.

Protecting individual privacy is a laudable and worthwhile goal but it
does not have to and MUST NOT be allowed to mean providing a cloak of
anonymity behind which scammers, crooks and fraudsters can operate with
virtual impunity.


      DigitalDaemons IT Services.
   E-Mail : jim at digitaldaemons.co.uk
       PGP Key ID : 0xB7066495
