Whois Privacy Programs - Warning Signs Ahead?

[Nexus]

So, I was mulling over WLS some more lately, and something new occured to me about a trend that I personally have been leery of. People in the past have expressed concern that some registrars/resellers may occassionally be "poisoned" by having a name registered with their service that is "too good". They might see it... fold up shop, and keep the name for themselves. --Or so the fear goes. I'm not too concerned about that, because I'm still under the possible delusion that the ICANN Accreditted registrars I deal with have some measure of accountability.

A thought occured to be however that falls outside of any "accountability" assumption. More and more, registrars are beginning to offer "Privacy Guard" type services, that profess "protection" of private information from prying eyes that may read this data from the Whois on your name. The services (most notably GoDaddy's) in effect has a registrant transfer ownership of a name to the registrar (alarm bells), and the registrar then keeps a binding contract that they will transfer ownership back upon request. Hm.

Recently GoDaddy's service was in the news, as someone was having an abominable time getting control of their name back. Apparently the person with all the correct contact information was no longer with the organization, and GoDaddy wasn't acknowledging the company's right to the name. This situation was apparently straightened out from what I gathered, but I thought about it some more.

What happens when the name expires?

What if the name is substantially valuable?

What if the registrar is about to "delete" the name due to non-renewal, and realizes a very salient point... the name is actually THEIRS. They could sell it if they wanted... Why delete it when they are the legal registrants of the name? No, really... Why?

If you are researching a name, and find it is using a "privacy guard" type service, and appears owned by the registrar... what might you expect as that name heads into expiration?

Recently eNom has begun to roll-out a similar service. As WLS goes into effect, and more people begin to recieve random phone calls from people hunting names... will more of them turn to whois privacy services as a default? Will more registrars be put into an interesting position of having a growing cache of names that never need be deleted?

It's a concern I think.

Added to that, if "stolen", how do you cut through the crap if the registrar becomes "clueless" about it? People say Network Solutions was bad, but they were clearly an easy target as the only game in town for so long. With many other registrars on the scene now, customer service problems abound, but few escalate to the level of significant public embarrassment (and therefore "public attention").

Using privacy guard type services, you will certainly have to get over the hurdle of proving you owned it first. Dialog's who-Was service will be of little value to you at that point.

~ Nexus

 

[mole]

Originally posted by Nexus
As WLS goes into effect, and more people begin to recieve random phone calls from people hunting names... will more of them turn to whois privacy services as a default? Will more registrars be put into an interesting position of having a growing cache of names that never need be deleted?

The registrant is still fully and immediately contactable via the cryptic email that the eNom Privacy Protection service offers. This sleath email changes periodically to prevent whois spammers or stalkers from ever locking in.

 

[Nexus]

Originally posted by DNMole
The registrant is still fully and immediately contactable via the cryptic email that the eNom Privacy Protection service offers. This sleath email changes periodically to prevent whois spammers or stalkers from ever locking in.

That's all fine and good, but the big problem here in my mind is the idea of "ownership". If the domain expires, does it drop or not? Is there a standard method of handling such a thing if a name is "good"?

It seems on the surface a good idea, I'm more concerned about the "curve balls" and what it means for the industry, as opposed to the short term gains and benefits of individuals. Also, as a recent incident with GoDaddy demonstrated, I'm not satisfied that mistakes cannot happen with inter-registrar administration that cannot then be confirmed by public records (or even "records" of public records).

Some important things to think about I feel.

~ Nexus

 

[mole]

On making the name less likely to drop:-

I believe there is a condition somewhere in the GoDaddy service agreement that says your name will be autorenewed if you use that service, smart thinking.

I don't recall having seen the same thing auto-activated in the eNom agreement, but you could check.

Whatever it is, there is always the option for the registrant to remove the service and the autorenew that many registrars are putting into their registration processes, sometimes you can miss it altogether while registering names. This has been happening for a while with or without IDP.

On public records:-

The whois is an ever changing data snapshot with ICANN administered gTLDs and cannot serve as a reliable "public record", imho. You could effectively change your whois every single day and the speed of update is now less than a couple of hrs max, especially for the thick registry system deployed by Afilias and Neulevel for .INFO and .BIZ>

I believe the Godaddy incident was a fiasco - the ability to manage the domain and its associated services was lost somehow.

Giving credit were credit is due, I think eNom's interphase for IDP is simple to understand and administer, and you instantly see what whois is associated with the protected domain when you enter the IDP admin panel. The only way you are going to lose control is if you forget your username/password for your eNom account. But then, you have a fallback if your admin email is intact.

However unlike the average domainer who charges through their multiple registrar control panels every day like a walk in the park, the ordinary man in the street can be surprisingly naive where domain management is concerned. So maybe you have a point about possible problems ahead.

 

[Nexus]

Nice avatar, mole. I see what your saying. I'm sure there are some nice system in place for current registrants.

None of that seems to answer regarding whether a domain "expires"... for instance "auto-renew" can only happen if the billing information is inaccurate. People may cancel and reissue credit cards all the time, and forget to update the billing information. E-mail reminders get lost frequently as well.

If a name comes time to DELETE (and to be clear, I'm not talking about concern from the REGISTRANTS point of view, but concern for those who may wish to put perhaps put a WLS on a name), it seems clear to me, that the Registrar may choose what to do with ANY name that uses an "ID" protection service, when it comes time to DELETE that name.

I suppose for simplicity and PR, the best thing to do is just let it drop, but because they are in affect the legal registrants (and contractually agree to transfer ownership back on command), I would assume the contract terminates if billing is not forth-coming... and suddenly the name is a candidate for some other method of remuneration.

Still something to think about, and be wary of AS POLICY. As more and more registrars begin to roll-out similar systems, it could well change the landscape of expiring names into something slightly more alien and opaque.

~ Nexus

 

[Nexus]

One rough comparison that occurs to me is when someone agrees to pay the mortgage on a property, and stem problems with the bank, by agreeing to "purchase" a property, and be the official title-holder, while the original owner of the property then pays this new person, while the person agrees to pay the bank. If the original owners misses his/her payment, there is no need to foreclose on the property, because the property no longer belongs to the original owner. The new owner simply evicts the original owners, and owns the property for an extremely small amount of money.

It's clearly different in this case, but similarly, the registrar is now the "owner" or "registrant" of any domain name who's name is being "protected". If the original registrant misses payments after renewal, the registrar may turn the name over to a PPC engine (which generally happens now when names are suspended on Registrar-Hold), but after a few months, may decide to send the name into the after-market.

My concern is that the normal expiration process is subverted in a way that makes mini-WLS systems out of each registrar that implements such a think... except that they are the only beneficiary of every subscription put into place.

Dunno. Maybe its looking a gift horse in the mouth, but it seems to bear consideration.

~ Nexus