This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Spam under protection. Believe it or not!
- Previous message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
- Next message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Tue Sep 29 05:08:16 CEST 2015
In message <795BDB4E-C73E-4669-AF8E-644156449479 at virtualized.org>, ICANN (David Conrad <drc at virtualized.org>) wrote: >This is not accurate. I can definitively state that ICANN is not >"effectively run by the registrars". ICANN has many, many masters, the >interests of quite a few of which are directly in conflict. To assert >that one stakeholder is running ICANN means you simply don't understand >how ICANN works. In Garth Bruen's detailed 2012 report, he described in detail (page 4) where the funding for ICANN's voracious money appetite actually comes from: http://krebsonsecurity.com/wp-content/uploads/2012/03/rogue_registrars_2012_DRAFT.pdf It is quite revealing! And if Garth's mountain of exquisitely researched and exquisitely documented research on the dysfunction that is ICANN isn't enough, I can also refer people to Paul Vixie's 2010 comments to the effect that "Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators": http://www.circleid.com/posts/20100728_taking_back_the_dns/ (I see no evidence that anything much has changed since Paul made those comments.) >> the Powers That Be (e.g. ICANN) have already and long ago >> decided that they simply don't WANT the problem(s) solved. > >This is untrue (at least in the case of ICANN, assuming ICANN is a >"Power That Be"). Swell. Then may I, with all due respect, request that you folks @ ICANN please get off your asses and get on with it? You can start by requiring that the names and phone numbers that appear in domain name WHOIS records match the ones associated with the credit cards that were used to pay for the relevant domain name registrations. It's a simple rule, and simple to enforce. If this were implemented, 90% of all spam and 98% of all crime on the Internet would cease, practically overnight. Oh! But I almost forgot. The people who actually pay your salary... the registrars... wouldn't like it. (They might have to actually start making money the old fashioned way... by actually earning it by providing real products and services that lost of non-criminals actually want.) So I guess that idea is a non-starter, even if it would quite dramatically reduce spamming and most other forms of Internet criminality. (Even a system where every domain WHOIS record contained an irreversable one-way hash of the ACTUAL dmain registrant's ACTUAL name would be a vast improvement over the current status quo... for those of us to spend hundreds of hours each year tracking down snowshoe spammers... but once again, the registrars are sure to block any such idea, because they don't want any of us pesky anti-spam activists to be able to notice what they are doing... i.e. knowingly selling domain names by the gross to crooked snowshoe spammers.) >> Has there ever been a single decision taken by ICANN which they felt >> they could get away with (i.e. without being sued to hell and back) that >> WAS NOT in the economic interests of the domain registrars? > >I doubt you'll find many registrars that believe the government/law >enforcement-requested changes that went into the 2013 RAA were in their >economic interests. They may not say so publically, but in private I would bet that the big ICANN "contributors" agreed that they had to swallow these kinds of small changes around the edges in order to forestall even more onerous legislative intrusions into their existing business models in various jurisdictions. (The public at large has really had it. We are all of us fed up to the teeth with all of the crooked and illegal hanky panky that goes on on the Internet, and that continuously hits the headlines and the evening news almost every day now. Citizens are finally demanding action and thus, legislators are starting to ask annoying questions. The only way to make at least some of these go away is for the industry to bite the bullet and accept some minimal concessions to their preferred operating mode of absolute secrecy, but _only_ to law enforcement. This way, at least, they can still avoid having to answer to the vast majority of the actual victims of their greedy daily cooperation with spammers and scammers.) >> This whole sordid scheme about anonomous donmain registrations is a >> case in point. > >You may wish to argue this point with those interested in privacy (e.g., >EFF) and other civil society organizations who are on the "we don't need >Whois" side of the interminable Whois wars. On most issues, I applaud the EFF. In this case however, they have elected to blindly follow their own internally-generated dogma rather than reason and common sense. You can have all of the privacy and anonymity you want... even on the Internet. And you can SAY anything you want. Just do it on somebody else's blog, BBS, or whatever. (Or do it on Facebook and Twitter, just like millions of participants in the so-called "Arab Spring" have done.) You don't NEED your own bloody personal domain name if you want to denounce crooked politicians, or human traffickers, or abortion provders, or abortion opponents, or Vladimir Putin or whatever. Claiming that the WHOIS info in a domain name registration NEEDS to be anonymous is ludicrous on the face of it. And behind the scenes most of the people who push this idiotic idea are either registrars or your employer (ICANN), or others who have been paid to express their opinions in a particular direction on this topic. Of course, the argument is always disingenuously couched in ridiculous retoric which has been designed and intended to elicit sympathy from the ignorant masses who don't have the first clue about the real issue. That's why the proponents and their paid spokes- models are always droning on about "those poor unfortunate rape victims" who are terrified, but who now... for some inexplicable reason... absolutely cannot find any other way to get their stories out unless they have their own private and anonymously registered domain names. I mean, PLLLEESE! These arguments are so pathetic, repetitive, and disingenuous that I have trouble understanding how even the ignorant unwashed masses are taken in by them. (But you know what they say. There's a sucker born every minute. No wonder we now have 25% of 1/2 of the country ready to vote for a "rodeo clown" as our next President. As Abraham Lincoln said "You can fool all of the people some of the time, and some of the people all of the time...") >> But the idea sailed through the ICANN approval process. > >Do you know how ICANN works? I can't think of _anything_ that "sails" >through the "ICANN approval process." OK. I agree. "Sailed" was not at all accurate. What I can say however is that with -zero- clear evidence of any serious or legitimate need, and with a completely predictable downside... which us billions of non-criminal Internet users are stuck with having to live with every damn day... the idea of "anonymous" or "anonymized" domain name WHOIS records _did_ make it all of the way through the intestine that is the ICANN consideration process. And why did it? Because it is a money-maker for the registrars, even if it gives the big middle finger to the entire remainder of the inhabitants of this planet. All of this crap about how political activists and rape victims need their own private (and anonymized) domain names in order to get their messages out is just that... crap. It's all a smokescreen.... a made up excuse for what may perhaps be the single most ANTI-social invention since the pay toilet. >> More to the point, does >> there exist *any* "quality control" (for lack of a better term) on >> ICANN decisions? Are any of them ever reviewed after they have been >> made and implemented, you know, to see if any of them are failures and >> should be recinded? > >ICANN has reviews of pretty much _everything_ we do. Great! Then when and how do we arrange for this particular incredibly moronic and ill-considered decision to be revisited (with an eye toward an early repeal)? >> why can't (or why >> shouldn't) this exact type of anti-fraud system be applied also to >> domain name registrations? > >Because it does not work in every country and ICANN gets heavily >criticized if it does things that disadvantage a stakeholder group. So what you are saying is that Google, and numerous other private companies (many of whom also offer services world-wide) *can* make a phone verification work, but ICANN for some reason, can't. Hummm... maybe they (ICANN) need to hire somebody into a high-level technical job who has more of a can-do attitude and/or who has some actual knowledge and/or experience with implementing this kind of (phone verification) system. Solutions are valuable. Lame excuses are worthless. You are trying to suggest that there are people out there... somewhere... perhaps n the back woods of Kazakhstan or some other equally worthless place... where there are people who *do* need to register domain names but who *do not* have access to either phones or Internet-connected computers, as may be needed in order to complete a phone verification. You seem like an intelligent fellow. Do I really need to clarify for you how absurd your contention is in this instance? (Why someone who has neither a phone nor a computer nor an Internet connection would need to register a domain name is left as an exercise for the reader.) >> this kind of idea will >> surely never even find its way onto the agenda of any ICANN meeting, > >There will be a number of sessions at the Dublin ICANN meeting on >approaches to address domain name abuse. For example, on Wednesday... Somebody cue the crickets. (Yawn.) I'm sorry, but I have exactly -zero- faith that anything which is the least bit useful or positive relating to WHOIS accuracy is going to come out of any ICANN meeting... for the reasons I have already stated. The registrars... who actually control the money, and who thus call the tune... do not want there to be any change to the status quo. They *like* being able to take money from criminals and (even more) from snowshoe spammers. And more to the point, they have become _addicted_ to that revenue stream. If anybody were to come into any sort of ICANN meeting, or ICANN committee meeting, or ICANN sub-committee meeting, or sub-sub-committee meeting and even dare to suggest that (gasp!) the registrars should perhaps give up this existing criminally-funded revenue stream... to which they have all become accustomed... that person would almost certainly get their teeth knocked out... if not physically, then at least verbally. The registrar representatives... which is to say most of the people who will be present in any ICANN meeting... would immediately jump to their feet and denounce the person who suggested that maybe they should stop doing business with anonymous criminals as a "communist" or worse. There are plenty of ways to shut down a discussion in a committee meeting. >October 21 from 10 a.m. to 11:15 a.m. entitled "Role of Voluntary >Practices in Combating Abuse and Illegal Activity" Unilateral disarmament? So basically, the idea here is that the good and socially responsible registrars will Do The Right Thing, all on their own, while the remaining ones will be free to continue making money by helping criminals and spammers to evade identification and capture. Is that about the size of it? >There is also a session on the ongoing effort >to create a framework for Registries to address domain name abuse Yea! Gee! That's what we need! A "framework"!! (Now why didn't *I* think of that? :-) (Hint: I'll see your "framework" and raise you a simple requirement for HONESTY as in "honest inclusion of the actual billing information into the WHOIS records for all domain registrations... or at least the ones that ICANN has some say over... which is about 95% of them.") Regards, rfg
- Previous message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
- Next message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]