The Tubes Are Still Clogged
Update: I’m just reading the actual bill and while the pdf of the bill doesn’t allow copy-and-paste, you can find the language about the whois on page 10. Basically, a domain registrar is not allowed to shield, mask, block, or otherwise restrict access to the registrants name, phone and fax number, physical address and email address if the registrar receives written notice that the domain owner is violating the provision of the anti-phishing bill.
So from the way I read this, you can still keep your private registration without violating the law, but if somebody hacks into your site and uses it for phishing purposes, the registrar will have to give up your name. Not going to stop phishers at all, of course, and just turning regular users into having to defend themselves from being accused as criminals.
(via downloadsquad) Looks like Ted Stevens is making a glorious return to the internet today. Stevens, together with Senators Snowe and Nelson, has brought a bill in front of Congress (pdf) that is going to make phishing (even more) illegal, as well as forbid private domain registrations.
Outlawing phishing is just simply idiotic, given that it is already illegal. In that respect, the bill is just foolish.
The idea of forbidding private WHOIS registrations, however, is outright dangerous. As Kayla Flemming explains, it does nothing to hinder phishing and doesn’t make persecuting it any easier:
Phishing most often happens within “cracked” directories on existing websites owned by innocent people. If a phish is reported, the data center which hosts the website is notified. This is because IP addresses do not lie. The person who owns the domain name has nothing to do with the phish (at least in a direct way) and they have every right to keep their details private if they want. Phishers are not in a habit of registering “bankofamericaaccountlogin.com” and buying hosting every day, that opens them up to being found easily. So the idea of possibly disallowing private domain registration is a foolish and definitely unfair to domain owners. (Disclaimer: I do believe businesses should have their details listed, but private citizens should have a choice.)
The domain for this blog is registered privately. Why? Because I don’t need people calling me or sending me mail. My domain registrar functions as a proxy and I’m sure if subpoenaed, they would give the information to the right authorities, even without this bill.
And what I write here isn’t even very controversial. I can think of a million other scenarios where private registrations are actually protecting people.
1 Comment