Hacker News new | past | comments | ask | show | jobs | submit login

Absurd. Users "consented" when they signed up for a domain. Don't like it? Use a whois service to anonymize.



GDPR requires "freely given, specific, informed and unambiguous" consent. It also says that "Silence, pre-ticked boxes or inactivity, however, is presumed inadequate to confer consent."

This kind of explicit consent was not given in the case of most domain registrations, and anyway, GDPR allows for withdrawal of consent, so even if you did grant it in the past, you can withdraw it now.


That's why I put "consent" in quotes. (I think GDPR is a waste of resources, even though I have profited from some implementation activities.)


They didn't consent though, not by the standards of the GDPR, so their personal information cannot be published in WHOIS. So, no, paying extra for an anonymizing WHOIS service is not necessary; this will be the default level of service from a registrar.

I'm not sure what your intended argument is; can you rewrite in plain English and without scare quotes?


Yes, I understand that. Consent was originally in quotes because it wasn't actually consent in GDPR terms.

However, I will continue to argue that it was consent in a more general sense: They bought a domain, therefore their info is published in whois. It is necessary to provide the service. If they do not want their info published, they could have taken action to prevent it (whois service, alternate name, alternate email.)


It is not necessary in the purchasing of a domain name to publish personal information in WHOIS. Come GDPR implementation date, it is likely that the vast majority of newly purchased domains will not publish information into WHOIS. Given that most of these domains won't have private info go into WHOIS, how can you possibly argue that it's necessary?

All that's needed for the domain name system to work is to configure nameservers on the domain. That's it. Anything else is certainly not necessary. All WHOIS has ever done for me is resulted in fake domain renewal mailings, spam emails, and unsolicited spam/phishing calls. None of this is anything close to necessary.


ICANN and domain registries think WHOIS is necessary. Therefore, it is necessary. Technically, it is not required, you are correct.

And guess what? All that spam and stuff is still going to happen without whois and with the GDPR. It's cute that you think otherwise, but once your info is out there, there's no getting it back. Spammers don't care about your "consent" or your "right to be forgotten."


Source on domain registries thinking that WHOIS is necessary. It's a cost center, not a profit center, and some of us would rather not have to do it.

And no, that info would not be out there, and certainly not in such an easily discoverable format, without WHOIS. There's plenty of incoming spam I've received, both physical mail, email, and phone calls, that can be solely attributed to registering a new domain name with publicly visible info in WHOIS. Had that information not been public, I would not have gotten that spam, full stop.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: