<div dir="ltr"><div>As cybercriminal i wholeheartedly support the idea of removing all personal data from the RIPE DB.</div><div><br></div><div>That would make my life so much easier.</div><div><br></div><div>--</div><div>William</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 22, 2022 at 12:00 PM <<a href="mailto:db-wg-request@ripe.net">db-wg-request@ripe.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send db-wg mailing list submissions to<br>
<a href="mailto:db-wg@ripe.net" target="_blank">db-wg@ripe.net</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mailman.ripe.net/" rel="noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:db-wg-request@ripe.net" target="_blank">db-wg-request@ripe.net</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:db-wg-owner@ripe.net" target="_blank">db-wg-owner@ripe.net</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of db-wg digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: IRT object postal address (denis walker)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 21 Jul 2022 15:41:58 +0200<br>
From: denis walker <<a href="mailto:ripedenis@gmail.com" target="_blank">ripedenis@gmail.com</a>><br>
To: "Ronald F. Guilmette" <<a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a>><br>
Cc: Database WG <<a href="mailto:db-wg@ripe.net" target="_blank">db-wg@ripe.net</a>><br>
Subject: Re: [db-wg] IRT object postal address<br>
Message-ID:<br>
<<a href="mailto:CAKvLzuE%2BRoNgGXL8TU3r4E5dOtOd3uweB9UzFJhgnOmpBruU%2Bg@mail.gmail.com" target="_blank">CAKvLzuE+RoNgGXL8TU3r4E5dOtOd3uweB9UzFJhgnOmpBruU+g@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
Ronald<br>
<br>
(For those who don't read long emails...) The bottom line is that this<br>
proposal recommends to remove postal addresses of contacts, not<br>
publish the 'full' postal address of natural persons holding<br>
resources, replace personal data with business data and generally<br>
bring the contents of the RIPE Database into line with the defined<br>
purposes.<br>
<br>
---<br>
Now to answer Ronald's points...<br>
<br>
You have your own (hidden) agenda Ronald, which is fine. But don't<br>
expect everyone to fall into line behind you. Most people know your<br>
tactics. Repeat the same nonsense and conspiratorial theories over and<br>
over and over again until people believe they must be true. You lock<br>
onto a phrase or even a word and create an entire fear mongering story<br>
around it. Then keep asking the same irrelevant questions and<br>
demanding answers. This is not how to have a professional discussion,<br>
it is a Trump/Johnson style campaign.<br>
<br>
Let's kill off some of your fear stories. I am NOT against<br>
accountability, NOT helping cybercriminals, NOT proposing anonymity,<br>
NOT obfuscating half the database, NOT proposing secrecy and NOT<br>
avoiding transparency.<br>
<br>
As for GDPR, the only person obsessed with it is you Ronald. It is not<br>
even mentioned in the proposed policy text. You use it to confuse all<br>
discussions on the content of the database. GDPR is only one of the<br>
factors concerning the content of the RIPE Database. There are defined<br>
purposes for the database. As the RIPE Database Task Force pointed<br>
out, we should minimise the amount of data needed to fulfil those<br>
defined purposes. That is the overriding principle governing what<br>
should go into the database and what remains in the database.<br>
<br>
Most people did accept that in order to resolve internet operational<br>
issues (one of the main purposes of the database) no one is going to<br>
visit or post a letter to a contact in the RIPE Database. Therefore<br>
contacts don't need postal addresses. Whilst you may feel there is a<br>
need for a postal address for a contact for an IRT object, as Nick<br>
said, the opinions of CSIRT teams are more relevant.<br>
<br>
You have said yourself many times that the database is full of<br>
garbage. When you demand irrelevant data and force people to enter<br>
information they prefer not to provide which is not even covered by<br>
the database purposes, you increase the chances of some people<br>
entering false or misleading information. The only 'crusade' I am on<br>
is to bring the contents of the RIPE Database into line with the<br>
minimum information required to fulfil the defined purposes of the<br>
database and any legal requirements. We can have a healthy discussion<br>
on interpretations of that minimum information, but we should not be<br>
arguing over the principle. Forcing people (with mandatory attributes)<br>
to enter 'interesting' but not relevant information leads to a corrupt<br>
and diluted database that is less useful to anyone. Even optional<br>
attributes that are not relevant, dilute the important information.<br>
<br>
You can wish for any information you like to be in the RIPE Database<br>
Ronald, but if it is not essential for the defined purposes, it is not<br>
going to be there. Feel free to propose your own policies to change<br>
the purposes of the database and store certified photos of all<br>
contacts and their families if you believe that is necessary for your<br>
use of the database...or set up your own database.<br>
<br>
cheers<br>
denis<br>
proposal author<br>
<br>
On Thu, 21 Jul 2022 at 06:01, Ronald F. Guilmette via db-wg<br>
<<a href="mailto:db-wg@ripe.net" target="_blank">db-wg@ripe.net</a>> wrote:<br>
><br>
> In message <<a href="mailto:CAKw1M3MEHHC63%2BBfS7P365F0Cw6hcGuOKKq0ZaTS%2BevtdiZDoQ@mail.gmail.com" target="_blank">CAKw1M3MEHHC63+BfS7P365F0Cw6hcGuOKKq0ZaTS+evtdiZDoQ@mail.gmail.com</a>><br>
> =?UTF-8?Q?Cynthia_Revstr=C3=B6m?= <<a href="mailto:me@cynthia.re" target="_blank">me@cynthia.re</a>> wrote:<br>
><br>
> >> *) Why is the hiding of information even a priority?<br>
> ><br>
> >Hiding information is good from a privacy standpoint so you have to<br>
> >weigh the benefit of having the data public against the privacy<br>
> >implications of publishing it. (and consider any potential legal<br>
> >issues/requirements)<br>
><br>
> Transparency is good from an accountability standpoint. And in my opinion,<br>
> we have far far too little accountability on the Internet. Practically<br>
> every day now one can find stories about "hackers" and "cybercriminals"<br>
> and everyone just shrugs and goes back to work as if this is the way that<br>
> thing have to be, or that they are supposed to be.<br>
><br>
> My position is simple: If youy want to be anonymous, then get yourself a<br>
> pseudonym account on Twitter, or Facebook, or YouTube, or whatever, and<br>
> then blast away. Or alternatively, get yourself a domain name with all<br>
> of the WHOIS data redacted and then arrange wweb site hosting for that,<br>
> either on one IP of one hosting company, or several. But somewhere up<br>
> the chain there needs to be accountability, always. It is *not* a God-<br>
> given right to have an IP address block or an ASN. It is a privilege.<br>
> And that special privilege should be reserved for those who are willing<br>
> to be held accountable for what goes on upon their networks.<br>
><br>
> You and Denis are trying to _remove_ accountability from the equation, and<br>
> I remain steadfast in asserting that this will only benefit criminals.<br>
><br>
> >> *) Are these deliberate obfsucation steps still being justified on the<br>
> >> basis of GDPR, or do you now accept as fact that GDPR is irrelevant in<br>
> >> the context of the RIPE data base, and that it does not currently compel<br>
> >> RIPE to make any changes to the public WHOIS data base whatsoever?<br>
> ><br>
> >Denis has already mentioned in an email regarding 2022-01 that he will<br>
> >not address any more GDPR issues until there has been a legal review<br>
> >as many of us are not lawyers.<br>
><br>
> I'm sure that I saw someone post here quite recently that he had checked with<br>
> RIPE legal already, and had already been assured that RIPE is _not_ facing<br>
> any current or imminent legal jeopardy with the status quo as it now exists,<br>
> either in relation to GDPR or in relation to any other applicable law or<br>
> regulation. If you need me to do so, I will find that posting in the archives<br>
> and I'll copy it here.<br>
><br>
> >While I can't speak for Denis, you have not convinced me that GDPR is<br>
> >somehow irrelevant<br>
><br>
> I don't see how or why it should be incumbant upon either me or anyone else<br>
> to persuade either you or Denis that no change needs to be made. You and he<br>
> are putting forward and supporting this proposal for a _change_ in the<br>
> current status quo. It is thus necessary for you folks to make a persuasive<br>
> case that a change _is_ needed, rather than for me or anyone else to make a<br>
> case that it isn't.<br>
><br>
> >> *) If the goal is to hide information, then why not just take the entire<br>
> >> RIPE WHOIS data base offline and hide the whole thing behind some sort of<br>
> >> permission-wall that can only be pierced with a legal warrant?<br>
> >><br>
> >> (That last question is, of course, the essential point, since that endpoint<br>
> >> seems rather clearly to be the direction in which this is all headed.)<br>
> ><br>
> >This question is not really an "essential point" in my opinion as<br>
> >there is a big difference between hiding postal addresses and hiding<br>
> >abuse email addresses and route(6) objects.<br>
><br>
> You are doing just what Denis has done so far in relation to this whole<br>
> thing... You are evading the question. If transparency is "bad" and<br>
> secrecy is "good" then why not take that general principal to its final<br>
> and logical conclusion? Why not just take the whole WHOIS data base<br>
> offline entirely?<br>
><br>
> It's a simple question. I'd like to see either you or Denis answer it,<br>
> rather than evade it.<br>
><br>
><br>
> Regards,<br>
> rfg<br>
><br>
> --<br>
><br>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: <a href="https://mailman.ripe.net/" rel="noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
-- <br>
<br>
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: <a href="https://mailman.ripe.net/" rel="noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
<br>
<br>
------------------------------<br>
<br>
End of db-wg Digest, Vol 131, Issue 14<br>
**************************************<br>
</blockquote></div></div>