GDPR

Welcome to domaining 2.0 – The version where you don’t have any domain ownership records!

Friday, May 25, 2018 was the start of a new, shittier, internet.

Welcome to domaining 2.0. The version where you don’t have any domain name ownership records!

Yes, that is right. No one knows from Friday that you own a domain name. Well, the registrar “maybe” knows it but that will not be helpful in many cases.

Try proving to a buyer that the domain they want to buy is yours. Whois was a public record proving that you owned your domain names. Of course you could have stolen the domain before BUT at least it would show you presently had control of the domain.

And of course you could find out (using tools like domaintools, whoisology or domainiq or by personally monitoring whois) who owned the domain name before that. There was a public track record. From now on and for future ownership changes there is going to be nothing like this.

How are you going to prove you own a domain name now? By providing an invoice or a screenshot of a registrar control panel that can all be photoshopped?

At least there are a few registrars (for now) that allow you to display complete whois details if you ask them to. But this is only for .com and .net because Verisign has not yet implemented thick whois yet. Some of these registrars include Namesilo, Epik, DomainCostClub and from what I hear Moniker and Directnic. (Let me know if you know any other registrars.)

I am not sure what GoDaddy is doing as GoDaddy is known for not following any rules. I had asked GoDaddy to not mask my whois in March but I am not sure this is still applicable after GDPR.

Some registrars that will not give domain owners an option of transparency include Enom and Tucows. I have not received a clear reply, as to what they plan to do, from Fabulous, Dynadot and Uniregistry so far.

ICANN was caught sleeping at the wheel. Just 2 week ago they passed an ambiguous temporary decision until they try to fix the mess they created next year.

So what did most registrars and registries do? They didn’t want to deal with EU and non-EU customers differently and they didn’t want to ask consent from EU customers to display their whois details. They did the easiest thing with ICANN’s blessings. They flipped the off switch and they are done with it. Cheaper and faster. Who cares about domain name owners, right?

Whois for many extensions like .biz, .info, .org and .guru went completely blank today. Neustar, Afilias, PIR and Donuts turned off all whois for all their (thick whois) extensions. The only thing you can see, if you are lucky, is the Registrant Organization.

A few idiots would say that this is great because we will get less spam, blah, blah, etc. Bullshit. There was whois privacy protection before GDPR came along. What this is doing is take away is my right to display my own information. All these registries don’t provide an opt-out of whois privacy. They just wiped out all my ownership records.

And 99% of the email addresses that will be used in the next 5 years have already been harvested! If you waited for GDPR to protect you from spam then you are out of luck!

I want to see these people that say this is all good when their domain name gets stolen and they then have to prove they owned the domain. Talk to me then.

Listen Neustar, Afilias, PIR and Donuts. I want an option to display my whois details and I want it now. We pay you renewals so that we have a working system, not a broken one. There is such a system and has been tested years ago. Wake up. (And no I will not say what it is. Not today.)

And no I don’t want messages forwarded by an anonymized email address or a web form. I don’t want sensitive data over insecure servers that may or may not be working being sent to me.

If I wanted an anonymized email address I could get it myself. I am sorry but users need to take some responsibility. They have 20 social media accounts but can’t get a free email address from gmail or yahoo to use on whois?

I want the option to display on my domain name whois information whatever I want to display.

What most people do not understand is that GDPR is a regulation that works TOGETHER with local laws. If a US law mandated public whois to be displayed for all domains by all US registrars and US registries then they would just have to display it. Period.

I have a headache for days now from all the bullshit that is coming my way and trying to navigate through different registrars and registries and ICANN and still run a business.

BTW, no US oversight over ICANN could not have saved us from the GDPR mess. A law is needed to save us from this mess and a law would be needed with or without US oversight.

(BTW welcome to the internet where legitimate companies are asking for a permission (they already had) to send you an email and spammers keep on spamming. Maybe we are going to be missing renewal warnings because of GDPR because some domain name owners missed a confirmation email from a registrar.)

Finally, I have to say that blocking all Europe from your website or blog is not the way to go. I understand the frustration of Theo from DomainGang.com and believe me I am frustrated too but I am looking for ways out of this mess. I can’t tell him and others what to do but somehow there must be a way out of this mess. I will take it as it comes for now, trying to put some sense into it day by day.

Sold.Domains

About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the OnlineDomain.com blog in 2012.

20 comments

  1. The responsible and scalable solution to this mess is likely to be Self Sovereign Identity. It is regrettable that the transition was not coordinated in an orderly manner. In the meantime, the secondary market for domains will have to adapt through proactive use of parking landers that lead visitors to the right place, and make sure their registrars are proactively working to drive WHOIS inquiries to a search page that will conveniently connect interested parties to the registrants. The situation is navigable for those who are paying attention. For those who do nothing, they may see inquiry volumes from qualified end-buyers drop by 50%. Since this is a business where margin is on the margin, the do-nothing strategy is not going to be tenable for most large scale domain investors. Epik is actively deploying solutions to protect registrant rights and registrant upside.

  2. While it’s probably not 100% fool proof, and would be more time consuming than preferred, one could ask the potential buyer to give you a code that you will put up on the home page, or another page of site. Would have to pay like $10 for a wix account to do this if it’s not already hosted.

  3. I am done with any registrars that aren’t giving the option to display whois. Luckily I am using mostly registrars that already do this. Dynadot, Uniregistry and Godaddy but Godaddy isn’t quite as good as you have to use whois.godaddy.com to see any details. Otherwise, you see nothing. I am not impressed by that. Most people won’t read the fine print at the bottom to go there to see the details.

  4. 1. The absolute most concerning problem with GDPR is cybersecurity. Researchers will come to a dead end when tracing criminals due to ICANN complying with laws intended for one geographical location.

    2. We can absolutely trace this back to US giving up its control of ICANN. It was always the intention to have a free and open internet not governed by laws of one nation. Now we have ICANN clearly defining which laws of nations it intends to comply with, while disregarding others. Quite opposite of what we were told when US gave up its oversight.

  5. I’m not much of a commenter but this time I really want to say ‘Congrats Konstantinos!’ on a well written article with pertinent thoughts and of course for all the hard work you are putting to provide the latest and more trustworthy news in the industry.

    With this article you really took the words out of my mouth, I have the same thoughts regarding this matter and this affects all domainers, doesn’t matter which nationality they are or their eye color.

    So far, I was able to talk and opt-out for masking with Epik and Namesilo.
    Also talked via email with AlpNames and they gave me these instructions:
    https://manage.logicboxes.com/kb/answer/2958

    Regarding GoDaddy, what can I say, nothing new under the sun!
    After being 25 minutes on hold, spoke like 20 minutes with a guy at the end he said that they can not broke the law even if I give the my consent to not mask my whois as it might cost them Millions of $ and that I should be more concerned about companies that are willing to unmask the whois rather then those who aren’t.

    I see registrars who understood that due to the GDPR, now, only the EPP is needed and checked prior to completing the transfer purchase and some are still asking to request the losing registrar to disable the GDPR privacy temporarily and update the information in general whois for public so that they can fetch the registrant contact information of the domain to initiate the transfer.

    I have nothing further to add as a conclusion… ✌

  6. Hello,Kostantinos,

    This morning hour Madrid (Spain) I look at whois.uniregistry.com and give all full information.

    • Not anymore, here in Texas, Jose!

      I just checkk out your link.

      It shows the registrar, the server, the State and Country where the owner of the name is, but NOT the name, address and email address of the owner.

  7. With one click you can opt out at Fabulous.

    • Noticed that great one click option at Fabulous.com Richard and I guess it’s from their ownership by Directnic.

  8. Not anymore, here in Texas, Jose!

    I just check out your link.

    It shows the registrar, the server, the State and Country where the owner of the name is, but NOT the name, address and email address of the owner.

  9. I seem to get more spam emails now then before the 25th

  10. #GDPR will kill innovation, and slowly atrophy start-ups globally.

  11. If any domain name was abused then how to find the owner if there is no record?
    While personal data is not displayed, there must be an ownership record for every single domain name, at least in a confidential ICAN and registrar database.

  12. FYI,

    GoDaddy.com is still showing the Whois. The link is located at the bottom of their homepage. I checked some of my names and others, and it DOES show all info.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.