Abuse has nothing to do with a domain name. Nobody can abuse anyone armed only with a domain name. Without using an actual IP number, a domain name can do nothing. Protecting the privacy of a domain registrant is absolutely correct. The trouble is that network operators are resistant to accept the responsibility (costs, issues, trouble) of managing abuse Even if you do a whois right now, you will find a functional registrar abuse email address. The same cannot yet be said for the resources assigned by this RR Andre On Tue, 29 May 2018 14:00:44 +0200 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
Whois, as everything in the life, has good and bad things. Against: Privacy invaded. In fact, when you register a new domain and you associate a visible email to it, in a matter of hours, you get spam. Pro: If it is a real email with humans behind, it facilitates the resolution of abuse cases. The balance is always difficult ... Regards, Jordi
De: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> en nombre de Volker Greimann <vgreimann@key-systems.net> Fecha: martes, 29 de mayo de 2018, 13:49 Para: Suresh Ramasubramanian <ops.lists@gmail.com>, "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] GDPR - positive effects on email abuse
Even in those cases, whois is but one tool that helps identify bad actors by means of violating privacy rights of millions. There are other tools, like DNS traces, reviews of hosting infrastructures used, etc. all of which will continue to be available for the uses you refer to.
And maybe it is time to ensure law enforcement is better equipped to deal with such issues earlier and faster. Up to now, governments have been afforded the luxury of being able to underfund such efforts as others were doing their jobs for them. Maybe this will lead to better law enforcement and international cooperation.
Best,
Volker
Am 29.05.2018 um 13:34 schrieb Suresh Ramasubramanian:
This unfortunately is entirely wrong and short sighted
All security practitioners protect our respective services and networks against a wide variety of threats including malware and phish campaigns.
Very few of those go on to be referred to law enforcement and that only after an extensive dossier is built internally to show that the perps in question justify a - frequently cross border - law enforcement action.
Security and protecting user privacy go hand in hand and I wish more people realised that, and maybe also realised the resource and administrative lconstraints and limits law enforcement is saddled with
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Volker Greimann <vgreimann@key-systems.net> Sent: Tuesday, May 29, 2018 4:06:18 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] GDPR - positive effects on email abuse
Wow, the level of narrowmindedness and fearmongering is high with this one.
Crime online will likely not increase due to GDPR. It may be more difficult to detect and take action against due to the loss of one tool amongst many, but ultimately that tool was illegal to begin with as it violated the rights to privacy of millions of domain owners.
"Private researchers" and other vigilantes or rent-a-cops will indeed have a more difficult time to obtain such data as they will finally have to do so by legal means, but then they are in an untenable position anyway, taking upon themselves functions that should be fulfilled by actual law enforcement.
Ultimately, private data if internet users no longer being public will lead to better registration data for those with a right to access it. Those with no such rights will have to figure out alternate routes to do their jobs that does not violate the rights of millions.
Best,
Volker
Am 28.05.2018 um 21:13 schrieb Ronald F. Guilmette:
ox <andre@ox.co.za> wrote:
Firstly I would like to comment that the multinationals and their funded trade groups (and their lobby orgs) shouted from the rooftops that if the GDPR came into effect, Internet in the EU would collapse and there would be digital doom and gloom. I am not a multinational. I am an individual volunteer anti-abuse researcher. And yet even -I- have told everyone I know that the disappearance of public WHOIS is and will be an epic catastrophy. If there was cybercrime on the Internet before, it will be increased, going forward, by tenfold. How wrong they were (hindsight is perfect - as we can all clearly see) Be patient. The change has only just occurred.
The EU has truly become a world and global leader in the reclamation of individual rights and the free Internet. Here on this side of the pond, one usually has to turn on Fox News in order to be treated to this level of rubbish.
The only thing that has happened is that private researchers the world over have been effectively blinded due to the supreme arogance and idiocy of europeans... europeans who, in their religious fervor, have come to view it as their holy obligation to foist their demented notions onto the rest of the world, whether any of the rest of us like it or not.
Meanwhile the malevolent forces of state-sponsored intrigue and violation of human rights are and shall remain totally unfettered and unaffected by GDPR, as they will be the first ones to obtain special exemptions allowing them to continue to see WHOIS data. The CIA, NSA, BDN, and FSB are undoubtedly celebrating the arrival of GDPR, as it further entrenches their special status at the expense of the great unwashes masses.
Friday was a sad day for both transparency and democracy, but all across the globe both criminals and statists undoubtedly celebrated it with toasts of champaign.
Regards, rfg