Good on them. I didn’t mind the extra fee, but it’s nice to know that going forward this will be included.
For those of you that may not know, a whois lookup is often useful if you’re wanting to issue an SSL cert to someone or if you are needing to track down support… Or crack into someone’s infrastructure
WhoisGuard protects against these look ups and makes the data anonymous. While this can be (not so) easily circumvented by someone that really knows what they’re doing, I recommend WhoisGuard or something similar if you’re going to have an active domain registered through ICANN. I know NameCheap gets a lot of flak (not sure why, though?), but this is something that definitely wins them a check in my book.
They had no choice. Due to the GDPR, the ICANN is forcing all registrars to hide WHOIS data from the public, which is essentially the service Namecheap used to charge for.
This caused a bit of a furor in the infosec community, which is where I heard about it. Turns out lots of criminals didn’t shell out the extra thirty-nine cents or whatever to anonymize their public WHOIS records, which made them easy to track down.
On the other hand, proper police work will allow for the collection of that data anyway as the registrars will still hold the data.
Ultimately I think this is a good thing, there’s a requirement for accurate data for domains, and that being public to everyone wasn’t the best idea in the long run. EU based domains (.eu, .uk, EU country codes, etc.) have already had private whois for anyone who owns a domain for personal use for a long time.
Well yes, but the whitehats don’t have access to court orders when they’re doing their research, and according to Krebs this will cause real problems for them. Turns out lots of criminals follow shockingly poor opsec.
The ICANN has a proposal that will give specific IP owners and security researchers access to WHOIS info, but that’s just a proposal and who knows when/if it will happen. Likely 2019 at the earliest. Krebs goes into that briefly also.
While I do agree fully, this would close a source of info for researchers, and yeah its worth talking about. I also don’t think its a huge issue, the benefits outweigh the cons, and this is how things always go, we’ll find new ways.
Krebs’ argument is they’re closing off WHOIS before providing infosec researchers a way to get at that data. And that means less criminals will be caught.
