Gandi Bar

Home > Internet > Domain Privacy might be changing: It's up to you!

Domain Privacy might be changing: It's up to you!

The Internet is changing. Or maybe not? It's up to you.

If you own a domain, you are a stakeholder in the Internet, and you have rights and responsibilities.

What rights are we talking about? We are talking about your right to privacy. If you have a domain name, you know that all domain names are linked to an entry in the WHOIS database, and that the name, address, email, and phone number of every domain name owner and its contacts are exposed for all to see?

Well, not always. It's more complicated than that, of course. This is the Internet, and nothing here is ever simple. Actually, a lot of information can be hidden, depending on the top-level domain you choose when you registered. In some cases you can hide all your information, even your name, from everyone but your friendly neighborhood registrar (and the registry of course). In other cases, there is no provision for hiding your name, but your address, phone number, and email can be hidden. Gandi hides your email behind a rotating hash email that forwards to your real address by default, unless you expose your real address yourself. Where possible (and for free), we also hide your address and phone number if you set the privacy option on, and as of today, we are making that true for more customers than ever before.

Some registrars have set up their own versions of privacy proxies, often for a fee. While honestly trying to serve their customers' needs, these providers are faced with the lack of a clear standard for this service and can end up further muddying the waters and raising questions about who really owns a given domain.

Obviously, there are some actors who don't like this situation, both individuals who value their privacy (like a lot of you reading this) and other actors. Actors like the law enforcement community, identity thieves, stalkers, hackers, intellectual property rights holders, and their lawyers.

So, the status quo is messy, imperfect, and leaves a lot of people feeling like there could be a better way. Clearly, we need to find a balance that allows the good guys to stay safe, shuts down the bad actors, lets the cops catch the robbers, and lets the intellectual property lobby go do whatever it is they do when not trying to take down allegedly infringing web sites.

That's what ICANN is for. It's a place where multiple stakeholders can come together, state their case for having a policy that allows and approves of some practices, bans others, enforces the rules, and generally sets the standard that all the players who want to be in the Internet domain name business can live up to. At Gandi, we go to the ICANN meetings, attend the sessions where these issues are discussed, and meet with other stakeholders to help hammer out solutions to these problems. We are a registrar stakeholder. We just attended the ICANN 53 meeting in Buenos Aires, where this topic was discussed and debated.

In general, the process works (and it is "working" now). In fact, there is a deadline approaching to implement (not just draft and approve) a new standard for whois privacy. It has to be done by the end of 2016. If nothing is implemented by then, we will be stuck with the status quo.

That deadline to ICANN is like tomorrow at 8:30 am would be for regular people. ICANN processes take time. Things don't move too fast when you have this many stakeholders and everyone gets their say. We can't afford to waste time with proposals that won't work.

There is a proposal like that right now. Until July 7th, a new draft policy for whois privacy is up for public comment. Before you go there, though, if we may offer an opinion here (and when have we ever been shy about doing that?), we think this policy in it's current form is bad. Really bad.

If the draft rules are adopted, any registrar that shields your whois data with a proxy service would be required to actually track your use of your domains and websites. They could be forced to cancel your privacy service and expose your data, or turn it over to anyone who complains about a site allegedly violating a trademark or a copyright.

Most worryingly, no court order, search warrant, or similar due process would be required. Yes, we are holding our noses, too: this stinks.

Gandi is asking everyone who has a stake in this to please check out the save domain privacy website at If you agree with us (and a whole lot of other people) that these proposals stink, please, sign the petition. If you have time, and you really care about domain privacy, please read the proposal, give some careful thought to them, and submit your comments. Even if you feel strongly, there is no need to be anything other than constructively critical of what you don't like, and sincerely complimentary of what you do. Epithets (and, for that matter, adulation) belong on social media for your favorite pop stars, not as part of a serious, important policy-making, Internet-changing, multistakeholder process. We encourage you to engage, like Gandi does, with ICANN, and let your voice be heard.

It's your Internet.