ARIN-PPML Message

[ppml] [arin-discuss] Privacy of Reassignment Information

On Sat, 8 Apr 2006, Owen DeLong wrote:

> Education is the answer to phishing.  Hiding private information doesn't
> actually help.  The reality is that I can't recall ever receiving a
> phishing attempt that used information from whois. The phishers
> don't generally bother.  For one thing, there isn't a high enough
> percentage of targets with whois entries.

It happened and was in fact domain registration related phishing (apparently
to get domain password), but this has nothing to do with ip whois.

The reality is that ip whois is rarely used for spam target harvesting 
(but not never and doing so is not illegal or against arin policies) and
when it is, that is mostly to send service offers to ISPs, ASPs and other 
companies with presence on the internet. Additionally phishing requires 
email address and other contact information where as IP whois publication
is only required for name and address and only for businesses. So I really 
don't see how ip whois data can have anything to do with phishing.

> My opinions are based exactly on the fact, as I stated, that IP addresses
> are a resource assigned from the public trust.  If you obtain the use of
> federal land, that use permit is a matter of public record.  I don't see
> any reason IP address assignments should be treated any differently.
> Resource allocations in the public trust should be a matter of public
> record.

I entirely agree.


BTW - for people who worry about privacy and phishing may I remind that 
your tax records are in fact public information (at least in US), what do 
you think  provides more useful data that or whois if somebody wants to 
use this for fraud? Reality is that there is tons of data already in public
records on everyone and especially on corporations/businesses and all that 
data is of a lot more interest to abusers then what is in whois (difference
is that whois is easy to query and use, but in practice if anyone wants to 
do something bad, they'd go for more useful info anyway).

The real issue is that some ISPs don't want to provide records on who is
using their ip space. This is for various reasons - some are concerned 
about privacy as it related to their business business relationships,
some want to hide that they are dealings with certain  "net abusers"
(this is really subset of business relationship issue) and some are
just lazy and want to reduce amount of work they have to do (i.e.
publishing and maintaining SWIPs is extra work).

---
William Leibzon
Elan Networks
william at elan.net