Is GDPR set to be the death of WHOIS?

David Carr

3 min read - 5th Jul, 2018

Domain registrars are getting worried. Understandably so as the threat of hefty fines for not meeting GDPR obligations means that they can no longer comply with ICANN (Internet Corporation for Assigned Names and Numbers) obligations.

Previously the WHOIS protocol published the names, addresses and phone numbers of those who register a domain. This is a system that is now illegal under GDPR.

Many registrars are following suit of the likes of GoDaddy who are no longer submitting details of new domains to ICANN or allowing access to existing domains data.

This means that any website owners who do not want to be found in WHOIS searches now will have privacy added automatically by many hosts. In fact they will simply not show up in WHOIS searches, even if they wanted to.

Compliance with GDPR obligations has become a real cause of contention for ICANN who manage the domain data who are in a difficult position. WHOIS, after all, is a great tool for security experts who rely on the data from WHOIS to investigate crimes. For now, no resolution has been found.

For the time being ICANN are not taking legal action against those registrars who do not complete the contractual obligations to submit this data. 

For web owners who are concerned about their privacy this is wonderful news as with many hosts now, 1 you no longer need to bother with adding on domain privacy and 2 you no longer need to pay for it. 

In fact domain privacy has been reversed. if you do not want privacy you now need to ask your host if they are willing to allow you to be found and many are saying no in fear of GDPR.

In this case, they may tell you to contact ICANN directly with your details but will refuse to do it for you on your behalf as this would undoubtly be a GDPR minefield for them with little to no return.

If you wonder why on earth you might want to switch of privacy then here are a few reasons.

Project upgrades

If you are unfamiliar with topics like nameservers then leaving this data intact could help your web developer next time you want to upgrade your project. it makes it easy for them to figure out who exactly manages a website. Questions like who is your host, what are your nameservers can be alien to some customers who don’t speak web. In many cases, it is just the personal details that are hidden from public whois searches and the technical details can still be searched. Still this is to the registrar's discretion.

Of course, in this situation, you will need someone familiar with the terminology to fill out the details for you if your host is unwilling. 

Evidence of trustworthiness (maybe)

Having readily available WHOIS information can help smaller, less well know eCommerce site prove themselves as trustworthy. It would not help on its own but could add as an extra layer of reassurance.

This final point may not be as valid as it once was. many have called for the end of the WHOIS system, first developed in the 80’s. it is considered to be far to easy to supply false information.  In fact, it is estimated this is the case for up to 40% of WHOIS data.

Where is this all going?

It seems, for now, ICANN is yet to find an immediate solution.  GDPR looks like it will certainly be a massive disruption for them. Still they remain under pressure from cybercrime investigators who wish to continue using WHOIS as the first line of investigation.

ICANN did investigate a gated privacy system for users some time ago but are yet to implement any kind of solution for at least another year.

Meanwhile, it seems web hosts are significantly more concerned of GDPR obligations that ICANN obligations.

Add a comment

Copyright © 2006 - 2024 DC Blog - All rights reserved.