Network Solutions and Internet Privacy?

Karl Auerbach (all-around good guy, former ICANN at-large member, California lawyer) points out in his latest weblog entry that Network Solutions (purveyors of SiteFinder, that place everyone now goes when they type in the wrong domain name) has started a new web site aimed at domain information privacy called

It'd be ironic if it weren't so completely transparent. Network Solutions is clearly in a private information monopoly grab right now. First, they have tried to grab as much information as possible about what you mistype. Next, they launch a web site that is aimed at guaranteeing "your privacy" if you register a domain name. This would mean that only your domain registrar would have access to your information and that they would serve as a broker to anyone else who wanted that information.

This is a horrifyingly bad idea, and I'll tell you why.

At first, it may sound nice that if you have a domain name, you won't be giving away your email,phone, physical address and fax number to everybody who wants it. This would cut down on the amount of personal information floating around and reduce the amount of paper and email spam received by domain owners. However, this privacy comes at a cost. Many domain owners have taken advantage of alternative web services that cost substantially less than those provided by Network Solutions, while providing exactly the same service. Without publicly accessible contact information that would be much less likely. (Yes, this is a mild advocation of spam or at least junk mail).

Then there is the issue of network security. Most of us who look out for problems on the 'net use the whois information about domains to find links between domain owners that may be suspicious. When spam or a network attack comes from a particular IP address, investigations start by looking up that IP address in the ARIN (the number registry) database. This results in an email address and certain information about the people who "own" the network location. However, commonly this is just the ISP, not the ISP's customer. Hence, further investigation includes looking at the technical and administrative contacts for related email addresses to determine the likelihood of them being the same. This is usually done by querying the WHOIS data.

After all of this, there is the utility of being able to figure out who owns a domain for legal and ethical purposes. For example, if your name is George Bush and you want to know who is running the web site "", you can now look it up. Granted, the elimination of bulk WHOIS information won't change this, but some of the other possibilities hinted at by Network Solutions would require much tighter controls on access.

Beware of "strange bedfellows," if something looks odd, there's probably something going on that you don't see right away.