[anti-abuse-wg] personal data in the RIPE Database

Ronald the reason I haven't responded to your previous emails is that
you are talking utter nonsense. And as usual the two relevant
sentences in your huge, long rants are lost in all the offensive and
pointless references. You talk of fanatics, extremists, dictators,
alarmists, privacy paranoia, perverts, fetish, fetishizing secrecy,
journalists, activists, teachers, ethics, morality, political
viewpoint, "old school" view, imaginary imperative, obvious disasters,
over-reaction, opinions, pretense, RIPE structures of power, planned
agenda of recalcitrance, obstructionism,
consistant inaction, institutionalized dysfunction, lethargic EU
member countries, opaque wall of stony silence, totally made-up bovine
excrement, garbage, absolute horse manure, stealthy secrecy and
deliberate opacity baked in, gay rights in Florida, God, Hell, .US
registries, UBOs, etc. How on earth do you expect anyone to follow
what little arguments you have when wrapped in all this crap. You have
managed, in a few long emails, to insult or offend me, other
contributors, the RIPE NCC, their legal council, the RIPE community,
20k+ member organisations and the EU with your arrogant, bullying
attitude...Ronald is of course right, anyone who doesn't see the world
as you do is an extremist, fanatical dictator.

Why should anyone fear having their address in this open, public
database? If you suffer from it, it's not the database's fault, it's
your fault for giving your real address when asked for it. Clearly
there are so many options available for you to confuse everyone. As in
that video presentation I referenced from Europol when they explained
how their investigation came to a dead end at a drop box. So yes great
idea Ronald. Lets encourage everyone to get PO (Drop) boxes instead of
using real addresses. Guess who is going to be queuing up at the post
office tomorrow to register for these boxes using those 'borrowed' IDs
from the pub? Probably every abuser across the region, given the way
you have so heavily promoted this option across your recent set of
rants.

You have confused the issues so much that now I will have to answer
your circular, repetitive arguments.

On Tue, 7 Jun 2022 at 00:36, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>
> In message <CAKvLzuG7PPTtQDwx2GoDgULdmLZdz5FzWTwa2pUVQWRqGHfQig at mail.gmail.com>
> denis walker <ripedenis at gmail.com> wrote:
>
> >We are talking about restricting access to one piece of data, the
> >address of natural persons. I accept that a lot of abuse may come from
> >address space held by natural people. I understand that a lot of
> >investigation work is done by companies and individuals. How much of
> >an impact would it be on your activities to not know the private
> >address of these natural people?
>
> Just a second.  Let's pause here for a moment and look at this question
> of the "physical address" information as it relates to WHOIS records.
>
> One of the many things that have, over the past several years, rendered
> almost all of the information that is now available in *domain name*
> WHOIS records virtually entirely worthless was the decision, some
> considerable time ago, by ICANN, to permit the use of essentially
> anonymous P.O. box addresses in the WHOIS records for domains registered
> within the gTLDs.  Additional commonly used methods of obfsucation in
> these domain name WHOIS records include but are not limited to (a) the
> use of "proxy" registrants and (b) the use of addresses of incorporation
> agents and (c) use of the addresses of attorneys.  (I have not surveyed the
> policies of the various ccTLDs with regards to their level of acceptance
> of such shenanigans but I have no reason to doubt that even the .US TLD
> allows for all of these clever methods of "hiding the ball" with respect
> to the actual physical location of the domain name registrant.  Hell!
> The policies governing the .US domain are crystal clear in prohibiting
> non-US legal entities from registering .US domains, but the operators of
> the .US registry demonstratably make no attempt whatsoever to check for
> conformance with even this minimal requirement.)
>
> So, as I have listed above, there are many different frequently-used ways
> that any natural person may use to obfsucate their actual physical location
> when registering a domain name.
>
> This prompts a rather obvious question:  Do there exist any policies,
> rules, or regulations which would prevent a natural person from using any
> one of the several techniques I have listed above to obfsucate their
> actual physical location when they generate their RIPE organization
> WHOIS record?

You just explained how these techniques have "rendered almost all of
the information that is now available in *domain name* WHOIS records
virtually entirely worthless". Now you are suggesting to use these
techniques on the number registry to obfuscate addresses.

> And more to the point, is it true or false that, as I have
> previously asserted, any member can put literally any inaccurate garbage
> they want into their public-facing RIPE WHOIS records with no consequence
> whatsoever?

False

>
> If the answer to *either* question is "yes", then it seems to me that
> enlisting RIPE NCC to embark upon a deliberate program to hide personal
> information in public-facing WHOIS records EVEN WHEN THE CORRESPONDING
> REGISTRANTS HAVE NOT THEMSELVES REQUESTED THAT is not only clearly
> unnecessary, but actually and demonstratably counterproductive.

So it is more productive to encourage people to use a range of
techniques to obfuscate their addresses so even the LEAs can't easily
find them.

> Should
> a natural-person who actually WANTS to be directly contacted for any and
> all issues relating to their RIPE number resources have that opportunity
> closed out, perhaps without even their knowledge or consent, by some
> small over-agressive cabal of GDPR fanatics acting unilaterally?  I think
> not.

You have, conveniently, ignored contacts. Those wonderful attributes
that allow resource holders to be "directly contacted for any and all
issues relating to their RIPE number resources". Surprisingly, when
there is a network issue it is so much faster to use the phone than
posting a letter to their address, especially that PO Box.

>
> As noted above, if any RIPE registrant wants to have their physical address
> info obfsucated then there appears to be any number of simple alternatives
> available to the registrant themself to achieve exactly that.  Thus, this
> new push to get RIPE NCC to hide information in public-facing WHOIS records
> seems to be a solution in search of a problem, and just another misguided
> top-down enforcement of an extremist view of "privacy", pushed onto the
> community whether the people actually affected, i.e. the registrants
> themselves, like it or not.

Yes Ronald, let's really push those ideas that "rendered almost all of
the information that is now available in *domain name* WHOIS records
virtually entirely worthless".

>
> (Note: I am not intending to pick specifically on RIPE here.  To the best
> of my current knowledge there are -no- policies or rules in -any- RIR
> globally that explicitly prohibit the use of P.O. boxes, proxy registrants,
> or the addrsses of associated corporate registration agents or lawyers
> within public-facing number resource WHOIS records.

Yeah, keep plugging that idea Ronald!!

> Nor do any RIRs
> have any clear policies which would have the effect of requiring there
> to be -any- clear correlation between what appears in a registrant's
> public-facing WHOIS records and anything corresponding to objective
> reality.)

So what harm does it do to restrict access to data that doesn't
reflect reality anyway? Thanks Ronald...no problem.

>
> >I can only think of three reasons why
> >you would need the full address. You intend to visit them (unlikely),
> >you want to serve legal papers on them or you attempt some kind of
> >heuristics with the free text search in the database to match up
> >resources with the same address.
>
> I agree with this list of possibilities, 1, 2, 3.

Wow you actually agree with me :)

>
> So which of these three are you attempting to hobble?

Never been into hobbling. Not my scene.

>
> Are you in favor of making it harder to serve people with legal papers?
> If so, why would you do that and who would be the beneficiaries of that?
>
> Are you in favor of making it harder for open-source researchers to search
> the data base for textual correlations that might provide clues to untoward
> activities?  If so, why would you do that and who would be the beneficiaries
> of that?

There are other ways to achieve this goal if you have an open mind,
but just for the record this type of research is not covered by the
purposes of the RIPE Database as defined in the Terms & Conditions.

cheers
denis
proposal author

>
>
> Regards,
> rfg
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/