Hi,

I would like to make a proposal regarding the database so that privacy can be included in the objects. Among the main objectives of the database [1] are "To provide accurate registration information of these resources in order to meet a variety of operational requirements" and "Facilitating coordination between network operators (network problem resolution, outage notification etc.)", and therefore the database contains information to facilitate these actions. However, this information can be used to obtain information about individuals and entities in order to carry out unwanted actions (network recognition, phishing, etc.). To prevent network information and contact information from being obtained, objects with anonymized information are stored in the database, role objects are used instead of person objects, non-real information is used, or inetnum objects are not created. Some mailing threads related to these issues have been seen on the mailing list [2][3].


My proposal is that the database offers privacy regarding the information it contains, allowing real information to be stored while protecting LIRs and end users by providing filtered information. To this end, I propose using a system similar to "domain privacy" in DNS registries to hide desired information:

- Use the option to hide sensitive information in mandatory fields.
- Provide an option to maintain contact with the person responsible for the object.

Example:

person: Privacy protected
address: Privacy protected
address: Privacy protected
e-mail: Privacy protected (contact link)
phone: Privacy protected (contact link)
remarks: For mail filtering or abuse problems contact with the abuse mailbox
nic-hdl: ABCD1-RIPE
mnt-by: Privacy protected (contact link)
created: 2008-11-13T15:53:02Z
last-modified: 2024-09-23T13:25:48Z
source: RIPE

One proposal is to use a Boolean model for each field (or for all fields in the object) to indicate whether the information should be "protected" or "public." Another example option would be to include levels such as "public" (publicly accessible), "LEA" (accessible by LEAs), "LIR" (accessible by other authenticated LIRs), and "private" (fully private). This information could be included by default at the user or LIR level using the LIR portal. For email or telephone communication, the platform could act as a mail intermediary or by providing anonymized email addresses, facilitating coordination between network operators/users.


IMO, first, we must reach a consensus on whether this option is useful for database management, and then we can discuss implementation details.

Regards,

Rodolfo GarcĂ­a (kix)

PS. Thanks Jordi, Miguel for your help.


[1] https://docs.db.ripe.net/What-is-the-RIPE-Database/Purpose-and-Content-of-the-RIPE-Database/

[2] https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-September/013860.html

[3] https://mailman.ripe.net/archives/list/db-wg@ripe.net/thread/MEOS4MD7ZYLVOAW4OESVMGWLSSV2CYLA/


The content of this email reflects personal opinions and does not represent the views of any organization.