Domain registrars like GoDaddy will soon be held far more accountable for information on those who are signing up for web domains. In the future, users will need to verify either their email address or phone number within 15 days of applying for a domain. Without verification, registrars are instructed to suspend domain registrations. The new rule, which is one among many, comes as part of a new Registrar Accreditation Agreement (RAA) approved earlier this week by the board of directors of the Internet Corporation for Assigned Names and Numbers (ICANN) — a nonprofit which oversees everything from top-level domains to IP addresses. The updated rules, which won't take effect until a later date when registrars sign the new agreement, should make the often-inaccurate WHOIS data on domain registrations a bit more reliable, while deterring those looking to set up websites for illicit purposes from doing so.
The new agreement doesn't just require verification of registrant data, however. Registrars will be required to maintain information on those who signed up for domains, including details like credit cards, for two years after users cancel their registrations. Other information like the IP address used to sign up for a registration needs to be recorded and given to ICANN at its request for up to 180 days. Registrants will also need to update their contact information within seven days of any change under the new rules, though it's unclear how that will be enforced — the old rules only provided for 15 days to update such details and data was often outdated.
Update: An earlier version of this article stated that registrants would need to have both their email address and phone number verified to register a domain under the new RAA. The agreement only stipulates that one or the other is verified. We regret the error.
Comments
So long as they don’t stop WHOIS privacy.
By VoxMediaUser622334 on 06.29.13 6:09pm
They should follow .eu and allow you to actually disable WHOIS on your domain.
By Britoid on 06.29.13 6:23pm
Why?
By qubert on 06.29.13 7:49pm
Because every marketer hits up WHOIS registrar info for free contact information at best (at worst, people link your WHOIS information with private party data for anything from private investigation to “doxing”).
Connecting your WHOIS Data to an ISP responsible for your website is enough for law enforcement (Someone hosting kiddie porn or dogfighting brackets? No problem, evil can still be punished). The rest is unnecessary.
By About2BBanned on 06.29.13 10:39pm
So maybe they should hold whois websites to stricter policies as well. If data mining is so easy on who.is or other alternatives they should definitely work to fix this issue.
By ddrt on 06.30.13 2:53pm
That’s not how it works.
By top hat, no monocle on 06.30.13 4:08pm
Whois information is provided by the registrars, sites like who.is are just displays for the information – anyone can retrieve it with tools like ‘whois’ on Linux, etc.
By rmas on 07.01.13 9:11am
does this mean no more anonymous political blogs? not good
By macked on 06.29.13 6:20pm
New free email account and a prepaid phone. There’s always a way.
Alternately, I can imagine services where you pay a bit more to register through anonymous services who go through methods of recycling emails and numbers.
By Belligerent on 06.29.13 7:33pm
Yep, regulation like this is completely useless. It will have absolutely zero effect on anything that it is trying to address, other than serving as whitewashing and giving ICANN more to do.
I don’t care about what it’s trying to address though, so it’s all fine by me. :)
By Sunlampuh on 06.29.13 8:49pm
Aren’t prepaid phones subject to ID checks too?
By zygat on 06.29.13 9:54pm
Uh, not really.
I just bought service, phone, and airtime with a AmEx Gift Card paid with cash. The store selling the card didn’t even ask for my ID.
By About2BBanned on 06.29.13 10:40pm
Why would they ask for an ID anyways? Not like the prepaid card has your name on it.
By optionalpants on 06.29.13 11:25pm
I have about 50 PAYG SIMs here and none required any identification.
By Britoid on 06.30.13 2:30am
wow what do you use them for? drugs or other similarly illegal stuff?
I have about 7/8, but mostly just cos of trying out different providers and just keeping the SIMs (and numbers) cos they don’t cost anything to really keep.
I do admit, a couple are useful for anonymity (when you have to link stuff online to a phone number) so I use them for that. Telemarketers can ring those numbers that I leave on silent on old nokia phones (in fact usually turned off), all they want :P.
By VoxMediaUser612879 on 07.01.13 4:04am
Sure, there’s always a way. But there shouldn’t have to be. And even worse, by dismissing it as “there’s always a way” passively condones ever increasing restrictions.
And that’s exactly the problem, they are restrictions. Restrictions rarely eliminate something (“there’s always a way”), but they do limit something. If, today, you can register a domain semi-anonymously without leaving your chair, but tomorrow you have to pay extra money for a prepaid phone and go through the (albeit minor) annoyance of setting up an anonymous email account, you’ll find that some percentage of domains that might otherwise be set up, won’t be.
And that’s assuming getting a phone number is easy, while your country is in turmoil, or a million other things.
Which brings us back to the first point: this shouldn’t be something that needs to be circumvented in the first place (and, in the US, this type of circumvention can be prosecuted under the Computer Fraud and Abuse Act).
By top hat, no monocle on 06.30.13 4:15pm
Depends on the registar. Some charge additional for Whois Privacy. Great source of information for telemarketers. Slurp the phone numbers from Whois of those people who do not have whois privacy on their domains.
By winterpeg on 06.29.13 6:21pm
Finally, we can find out who’s behind gnaa.org
By russlar on 06.29.13 6:39pm
Considering you can register a new free email within minutes, and you can get a free mobile phone number not tied to you at all within minutes.
I don’t see the point.
By Britoid on 06.29.13 6:43pm
“Registrars will be required to maintain information on those who signed up for domains, including details like credit cards, for two years after users cancel their registrations…information like the IP address used to sign up for a registration needs to be recorded..”
By ThePainfulTruth on 06.29.13 9:16pm
Not that hard to register through a VPN service or Tor to hide your IP.
By optionalpants on 06.29.13 11:26pm
Sure it is. You have to have access to a VPN, or know how to use Tor. Or to even know that Tor exists, let alone what it is or how to use it (most people don’t, you might be (but shouldn’t be) surprised to know. Even most people who own domains don’t know).
Not to mention you have to know this is information will be legally obligated to be collected, stored, and upon request, delivered to a third party. Which, again, most people will not even know is the case.
By top hat, no monocle on 06.30.13 4:25pm
To most people it won’t matter, but to the people trying to do something illicit, they will figure out ways around it. The most secure would probably be to use a human proxy that does everything for you and you’re not attached to it at all.
By optionalpants on 06.30.13 10:49pm
Why do they need this info again?
By ttringle on 06.30.13 4:22pm
Because anonymity and autonomy are scary.
By top hat, no monocle on 06.30.13 4:31pm