Tag Archives: privacy

ICANN: Study on Whois Privacy & Proxy Service Abuse

ICANN logoPurpose (Brief): This study, conducted by the National Physical Laboratory (NPL) in the United Kingdom, analyzes gTLD domain names to measure whether the percentage of privacy/proxy use among domains engaged in illegal or harmful Internet activities is significantly greater than among domain names used for lawful Internet activities. Furthermore, this study compares these privacy/proxy percentages to other methods used to obscure identity – notably, Whois phone numbers that are invalid.

These findings will help the community understand the role that privacy and proxy service abuse plays in obscuring the identities of parties engaged in illegal or harmful activities, including phishing, cybersquatting, hosting child abuse sexual images, advanced fee fraud, online sale of counterfeit pharmaceuticals, and more.

Current Status: This Public Comment solicitation represents an opportunity for the community to consider the study results detailed in this report, provide feedback and request further clarifications. In parallel, ICANN and NPL will conduct Webinars to facilitate feedback by summarizing this study’s purpose, methodology, key findings, and conclusions.

Next Steps: NPL will consider all comments submitted to this Public Comment forum during the comment period, incorporate any needed clarifications, and then publish a final version of this Whois Privacy and Proxy Service Abuse study report. It is expected that this report will inform future GNSO policy development in relation to the Whois system.

Detailed Information
Section I: Description, Explanation, and Purpose:

At the request of the GNSO Council, ICANN engaged the National Physical Laboratory (NPL) in the United Kingdom to test the hypothesis that “A significant percentage of the domain names used to conduct illegal or harmful Internet activities are registered via privacy or proxy services to obscure the perpetrator’s identity.

To provide empirical data of use to Whois policy-making, NPL set out to measure whether the percentage of privacy/proxy use among domains engaged in various kinds of illegal or harmful Internet activities is greater than among domain names used for lawful Internet activities. Additionally, because privacy/proxy policy changes could prompt malicious registrants to elude contact in other ways, NPL also measured other methods used to obscure perpetrator identity – notably, invalid Whois phone numbers.

This study, led by Dr. Richard Clayton of the University of Cambridge, gathered large representative samples of domain names implicated in various illegal or harmful online activities, ranging from unsolicited phishing, typosquatting, and malware distribution to hosting child abuse sexual images, advanced fee fraud (also known as “419 scams”), and online sale of counterfeit pharmaceuticals. Key technical inputs were also provided by Professor Tyler Moore of Southern Methodist University and Dr Nicolas Christin of Carnegie Mellon University.

By examining sampled incidents and Whois data associated with domain names across the top five gTLDs – .biz, .com, .info, .net and .org – this study measured how often privacy or proxy services were abused by perpetrators (alleged and confirmed). Additionally, these results were compared to privacy/proxy use among domains engaged in lawful and harmless activities (e.g., banks and legal pharmacies), chosen to mirror studied illegal/harmful activities. Finally, researchers attempted to call registrants for a subset of these domain names not using privacy or proxy services, to determine whether they could in fact be contacted with only Whois data.

This draft report summarizes project activities, methodology, sampled data and findings, including statistical analysis of differences observed by the research team. These study findings will help the community understand the role that privacy and proxy service abuse plays in obscuring the identities of parties engaged in illegal or harmful Internet activities.

The GNSO Council is now seeking community review and feedback on the draft report. The purpose of this Public Comment period is to ensure that study results have been communicated clearly and to solicit feedback on desired clarifications (if any).

Section II: Background:

As part of its effort to develop a comprehensive understanding of the gTLD Whois system, the GNSO Council expressed an interest in conducting an in-depth study of privacy and proxy service abuse among gTLD domain names registrants engaged in illegal or harmful Internet activities. At the GNSO’s request, ICANN issued a Request for Proposal (RFP) in May 2010 describing a study to methodically analyze a representative sample of gTLD domains associated with a variety of illegal or harmful Internet activities. By comparing how often these “bad actors” use privacy/proxy services with overall privacy/proxy use, the GNSO hoped to prove or disprove its hypothesis that a significant percentage of the domain names used to conduct illegal or harmful Internet activities are registered via privacy or proxy services in order to obscure the perpetrator’s identity.

After considering RFP responses received from researchers willing to undertake this Privacy/Proxy Abuse study, as well as questions raised by both researchers and reviewers, the GNSO Council decided to fund a somewhat revised study proposed by NPL. Specifically, NPL proposed studying many but not all of the illegal/harmful activities enumerated by the RFP, using samples obtained largely from “live feeds” and authoritative sources. NPL declined to study DoS attacks, DNS poisoning, IP theft, and on-line stalking using incidents submitted by victims, questioning their relevance and/or the ability to gather reliably representative samples.

In April 2011, this revised study was approved by the GNSO Council and awarded to NPL. When initiating this study, the GNSO Council asked that the study report expressly note that this study’s purpose is only to analyze “bad actors”. Notwithstanding the legal or harmless domain names studied here for comparison purposes, many legitimate privacy/proxy customers are unaccounted for within the scope of this study. This study does not attempt to measure privacy/proxy use or Whois accuracy across all gTLDs, as did broader studies such as that performed by NORC at the University of Chicago in 2010.

The findings from this study are intended to provide empirical data needed to understand the role that privacy and proxy service abuse plays in obscuring the identities of parties engaged in illegal or harmful activities. This empirical data will create a baseline for evaluating potential Whois and Privacy/Proxy service policy changes.

Section III: Document and Resource Links: 
Section IV: Additional Information: 

Whois Privacy/Proxy Abuse Study Terms of Reference [PDF, 321 KB]

Whois Privacy/Proxy Abuse Study Staff Report [PDF, 437 KB]

GNSO Council Motion April 2011

NPL Selected to Conduct a gTLD Whois Privacy and Proxy Abuse Study

Additional Whois studies have also been conducted at the request of the GNSO Council, as summarized at: gnso.icann.org/issues/whois/

Comment / Reply Periods (*)
Comment Open Date: 24 September 2013
Comment Close Date: 22 October 2013 – 23:59 UTC
Reply Open Date: 23 October 2013
Reply Close Date: 13 November 2013 – 23:59 UTC
Important Information Links

This ICANN announcement was sourced from:

.CAT Offers Enhanced Privacy For Individual Registrants

The registry for .cat domain names, Fundació puntCAT, has announced that as of 7 January they have implemented privacy changes for individuals that use their .cat domain name for private use for existing and new registrants. The changes mean registrants can choose non-disclosure of Whois data.

The Catalonian registry says the changes in the privacy settings mean they are among the most privacy friendly and registrant oriented of the generic Top Level Domains.

The changes are also in alignment with European and Spanish data protection regulations and are the default setting for new registrants.

Existing registrants can implement the new privacy settings by going to the control panel for their account with their .cat registrar.

ICANN: WHOIS Privacy and Proxy Survey Final Report Published

ICANN logoIn response to requests from the GNSO Council to gather data to inform future WHOIS policy development activities, ICANN has commissioned a series of studies to evaluate different aspects of WHOIS. The WHOIS Privacy and Proxy Relay/Reveal Final Report, prepared by the Interisle Consulting Group in Boston, MA, USA, is the first of these studies to be published by ICANN. The Final Report takes into account public comment received on the Draft Report (See: www.icann.org/en/news/public-comment/whois-pp-survey-04jun12-en.htm), and is available at gnso.icann.org/issues/whois/whois-pp-survey-final-report-22aug12-en.pdf [PDF, 1.23 MB]. The Appendices are available at gnso.icann.org/issues/whois/whois-pp-survey-final-report-appendices-22aug12-en.pdf [PDF, 2.11 MB].

This survey was organized to determine the feasibility of conducting a future in-depth study to examine requests to relay communications to, and to reveal the identity of, customers of proxy and privacy services used in connection with gTLD domain names. The Interisle Consulting Group completed the survey in August 2012. The findings suggest that it may be feasible to tailor a future study to provide aggregated data and basic data collection from privacy and proxy providers. Such a future survey is likely to be well regarded by all stakeholders in the community, as it would provide significantly useful data in understanding how privacy and proxy providers manage relay and reveal requests.

The GNSO Council is expected to evaluate whether to recommend a new future study based upon the findings of the WHOIS Privacy and Proxy Survey Final Report.

For more information on the WHOIS Studies, please see: gnso.icann.org/issues/whois/studies.

This ICANN announcement was sourced from:

Australian Internet Governance Forum To Help Shape Local Internet

An Internet Governance Forum is coming to the Australian capital of Canberra in October with the goal of bringing government, industry and community members together in an open, apolitical forum, to discuss Internet-related policy issues, exchange ideas and best practices, and help shape the future of the internet in Australia.Hot topics for the inaugural auIGF down under include security, the IGF landscape, openness, privacy and access and digital inclusion. The latter is an issue in Australia due to the difficulty in getting remote and regional communities online and engaged, as well as people of lower socio-economic backgrounds along with people with disabilities.There will also be a number of interactive, community-led workshops, investigating specific internet policy issues in greater depth.”The Internet was built with a spirit of openness, collaboration and accessibility”, said Chris Disspain, CEO of .au Domain Administration Ltd (auDA) in a statement. “In establishing the auIGF, we aim to embrace these principles and provide a mechanism to ensure Australians have a prominent and well-informed voice in Internet discussions.”Speakers lined up come from both Australia and New Zealand and include representatives from Facebook, Google and the Australian Privacy Commissioner.The auIGF is coordinated by a number of prominent industry stakeholders, including auDA, the Internet Industry Association (IIA), the Australian Communication Consumer Action Network (ACCAN), the Australian chapter of the Internet Society (ISOC-AU) and the Asia-Pacific Network Information Centre (APNIC). It also has the support of the Department of Broadband, Communications and the Digital Economy (DBCDE) and corporate partners including Google, Facebook, AusRegistry and Maddocks.”The collaborative nature, timing and agenda of this forum is strongly supported by the IIA”, said Peter Lee CEO of IIA. “Given the significant focus on issues such as security, privacy and convergence in a digital world, it’s important to facilitate open discussion of those issues with all stakeholders.””Access to the Internet is essential for participation in today’s society across a range of areas including employment, community, education and access to services”, noted ACCAN CEO, Teresa Corbin. “The auIGF will be an excellent opportunity to share experiences and strategies aimed to promote digital inclusion, to ensure that everyone reaps the benefits of a connected society.””Given the importance of the Internet to the Australian economy, forums such as the auIGF are vital in facilitating policy discussions that promote the continued expansion and innovation of the Internet”, added Adrian Kinderis, CEO of AusRegistry. “The open, participatory, multi-stakeholder model has made the Internet a successful driver of social and economic growth and this is set to continue in Australia under the guidance of the auIGF.”The outcomes of the auIGF will help influence domestic policy and decision-making and will be fed into international policy processes including the UN’s World Conference on International Telecommunications and the 2012 IGF in Baku, Azerbaijan.”The IGF format has proven to be influential in global decision-making – both as a reference point and a repository of essential information that should be considered in policy-making processes” said Paul Wilson, Director-General of APNIC. “I invite all stakeholders to show their support for this model, both through the auIGF and other national and regional initiatives that will feed into the global dialogue.”For more information or to register ($50 per person) for the auIGF, check out the website at igf.org.au.

ICANN Selects British National Physical Laboratory For gTLD Whois Privacy and Proxy Abuse Study

ICANN logoThe National Physical Laboratory (NPL) of the United Kingdom has been engaged by ICANN to conduct a study of Whois Privacy and Proxy Abuse the organisation announced.

“Guided by Richard Clayton, NPL has established a collaborative study team of domain specialists from three universities,” ICANN announced on their blog. “Together, this team will examine the extent to which gTLD domain names involved in illegal or harmful Internet activities are registered via Privacy or Proxy services to obscure the perpetrator’s identity. Study results are expected in early 2013.”

“This study is being launched to help the Generic Names Supporting Organization (GNSO) and ICANN community better understand how often alleged bad actors obscure their identities using several common methods, including (but not limited to) Privacy/Proxy registration. By examining a variety of illegal or harmful Internet activities, including phishing, malware distribution, money laundering, unlicensed pharmacies, typosquatting, child sexual abuse images, spam, and cybersquatting, NPL will measure the percentage of associated gTLD domain names registered via Privacy or Proxy services, as well as the proportion of those registered with inaccurate or incomplete WHOIS details or stolen identities.

“To determine whether Privacy/Proxy use is significantly greater among domains involved in illegal or harmful activities, NPL will compare alleged bad actor percentages to the 16-20% overall percentage found by ICANN’s 2010 Study on the Prevalence of Domain Names Registered Using Privacy or Proxy Services among the top 5 gTLDs. Beyond placing bad actor percentages into context, this study will not attempt to analyze broader use of Privacy/Proxy services by domains registered for entirely lawful purposes.

“NPL is one of Europe’s leading National Measurement Institutes (NMI). Along with other NMI’s including the U.S. National Institute of Standards and Technology (NIST), NPL works with industry and government to develop the latest state-of-the-art measurement techniques for all areas of science and technology.”

This ICANN blog announcement originally appeared here.