Criminals the primary users of Whois privacy services: ICANN

Criminals the primary users of Whois privacy services: ICANN

Summary: ICANN has found more ammunition for its fight to overhaul the existing Whois system, finding that more criminals are using Whois privacy/proxy services than regular users.

TOPICS: Security, Privacy

A new study commissioned by the Internet Corporation for Assigned Names and Numbers (ICANN) shows that the current ad hoc privacy controls in place with the Whois system are being abused.

ICANN is currently in the process of recommending that the Whois system — a pseudo-directory of contact details for domain names — be replaced to include features such as authenticated access.

At the moment, domain name owners are required to list contact details for the administrators of the domain, including a phone number and address. As the information is freely available to anyone, many have begun taking their own actions to secure their privacy.

Typically, domain name owners provide false information, or use privacy/proxy services as an ad hoc way of doing so. These services hide the public record, but will release it when needed (such as when law enforcement agencies request it).

However, an ICANN-commissioned study conducted by the University of Cambridge and the National Physical Laboratory (NPL) has found that these privacy/proxy services are being abused by criminals.

The full study has yet to be published, but ICANN senior policy director Mary Wong said it shows that "the percentage of domain names used to conduct illegal or harmful internet activities that are registered via privacy or proxy services is significantly greater than those used for lawful online activities".

The effectiveness of the existing system, even when privacy/proxy services are not used, was also brought into question. For domains that did not appear to be engaging in criminal activity, NPL was unable to contact the listed registrant 25 to 55 percent of the time. If the domain was being used for illegal activity, this figure rose to 83 to 93 percent of the time.

Topics: Security, Privacy

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Domain Name Contact Information

    It's very important to make sure your contact information is up-to-date for your domain name. Mine is and I have a personal website with my own domain name.
    Grayson Peddie
    • Why is it very important though?

      No, it is not 'important' at all for anyone to have detailed contact information, like name address and phone number show up in a WHOIS query. An email address perhaps, so that someone can tell you there is a problem with your site/server or if someone wants to buy your domain.

      I think you are out of your mind to put your personal info (and photo!) on the internet - and why I think Google+ is ludicrous to demand that. Actors have a stage name, writers have pen names too, pssst, LadyGaga isn't her real name...

      I run several domains/websites some for me some my business - I was utterly horrified to find my home address and mobile phone number published so signed up for domain privacy immediately - that does not make me a criminal.

      If the cops want to find more they surely can - they can ask the NSA who will ask google or facebook or something.
  • I am a student

    and I run my own web server. I do not want my personal information displayed for everyone to see on another internet database. If I wanted that I would join facebook or twitter.
  • Criminals?

    Is it too much to assume, that if the ICANN is describing persons or activities as criminal, then the ICANN has determined that the persons have criminal convictions for those activities? Or is the ICANN acting as prosecutor, judge and jury?